From 09882fed5ca917502830595f2f2ffcb8cd3c7de8 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:19:46 -0400 Subject: [PATCH 001/141] Remove Prometheus usage --- dashboard/app.py | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/dashboard/app.py b/dashboard/app.py index 6718a5c1..19d84d6c 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -12,12 +12,10 @@ from flask import request from flask import send_from_directory from flask import session + from flask_assets import Bundle from flask_assets import Environment from flask_talisman import Talisman -from prometheus_client import multiprocess -from prometheus_client.core import CollectorRegistry -from prometheus_flask_exporter import PrometheusMetrics from dashboard import oidc_auth from dashboard import config @@ -48,23 +46,6 @@ app = Flask(__name__) everett_config = get_config() -# Enable monitoring endpoint -if ( - everett_config( - "enable_prometheus_monitoring", namespace="sso-dashboard", default="False" - ) == "True" -): - os.environ["prometheus_multiproc_dir"] = "/tmp" - registry = CollectorRegistry() - multiprocess.MultiProcessCollector(registry, path="/tmp") - metrics = PrometheusMetrics(app) - metrics.start_http_server( - int( - everett_config( - "prometheus_monitoring_port", namespace="sso-dashboard", default="9000" - ) - ) - ) talisman = Talisman(app, content_security_policy=DASHBOARD_CSP, force_https=False) From 2e0a4afd10624874939f28cd6e49c4fb40bc4c0d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:24:43 -0400 Subject: [PATCH 002/141] Remove Credstash --- dashboard/__init__.py | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/dashboard/__init__.py b/dashboard/__init__.py index df641fec..5662038d 100644 --- a/dashboard/__init__.py +++ b/dashboard/__init__.py @@ -1,13 +1,9 @@ import os -from credstash import getSecret -from credstash import ItemNotFound -from everett import NO_VALUE -from everett.manager import listify - from everett.manager import ConfigManager from everett.manager import ConfigIniEnv + # -*- coding: utf-8 -*- """Mozilla Single Signon Dashboard.""" @@ -20,28 +16,6 @@ __all__ = ["app", "auth", "config", "models", "person", "s3", "utils", "vanity"] -class CredstashEnv(object): - def get(self, key, namespace=None): - # The namespace is either None, a string or a list of - # strings. This converts it into a list. - namespace = listify(namespace) - try: - if len(namespace) > 0: - secret = getSecret( - name="{}.{}".format(namespace[0], key), - context={"app": "sso-dashboard"}, - region="us-east-1", - ) - else: - secret = None - except ItemNotFound: - secret = None - - if secret is not None: - return secret - - return NO_VALUE - def get_config(): return ConfigManager( @@ -53,6 +27,5 @@ def get_config(): "/etc/sso-dashboard.ini", ] ), - CredstashEnv(), ] ) From 1905f2c9125276c0825379d8dcf3a584f5d8aafc Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:25:43 -0400 Subject: [PATCH 003/141] Update requirements.txt --- requirements.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 2b4d7520..a91e6511 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ boto==2.49.0 boto3==1.7.79 botocore==1.10.79 certifi==2017.11.5 -cffi==1.11.2 +cffi==1.15.1 chardet==3.0.4 click==6.7 configobj==5.0.6 @@ -17,6 +17,7 @@ cookies==2.2.1 credstash==1.14.0 cryptography==2.0 cssmin==0.2.0 +dataclasses==0.8 docker==3.7.2 docker-pycreds==0.4.0 docutils==0.14 @@ -83,6 +84,6 @@ watchdog==0.8.3 watchtower==0.5.2 webassets==0.12.1 websocket-client==0.56.0 -Werkzeug>=0.14 +Werkzeug==2.0.3 wrapt==1.11.1 xmltodict==0.12.0 From 7cefb298013bd81d267a3213733e23e4ccd9b06a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:28:12 -0400 Subject: [PATCH 004/141] Update gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 18df9244..18c79a4a 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ dashboard/static/css/gen/ dashboard/static/.webassets-cache/ dashboard/static/img/logos/* virtualenv.egg-info +dashboard.egg-info bin man include From 98796b81fe69c4ad9ed0cb71d67049dcb08f72ae Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:33:42 -0400 Subject: [PATCH 005/141] Remove unused files --- ansible/ansible-requirements.txt | 2 - ansible/ansible.cfg | 2 - ansible/container.yml | 19 -- ansible/meta.yml | 33 -- ansible/requirements.yml | 5 - ansible/roles/dashboard/files/dumb-init | Bin 21752 -> 0 bytes .../roles/dashboard/files/nginx/nginx.conf | 97 ------ ansible/roles/dashboard/files/nginx/start.sh | 3 - .../roles/dashboard/files/sso-dashboard.ini | 19 -- ansible/roles/dashboard/tasks/main.yml | 136 -------- cloudformation/alert-feeback.yml | 18 - cloudformation/roles.yml | 315 ------------------ k8s/Chart.yaml | 2 - k8s/templates/00-namespace.yaml | 5 - k8s/templates/deployment.yaml | 43 --- k8s/templates/ingress-controller.yaml | 190 ----------- k8s/templates/ingress.yaml | 26 -- k8s/templates/service.yaml | 14 - k8s/values.yaml | 5 - k8s/values/dev.yaml | 7 - k8s/values/prod.yaml | 7 - k8s/values/staging.yaml | 7 - 22 files changed, 955 deletions(-) delete mode 100644 ansible/ansible-requirements.txt delete mode 100644 ansible/ansible.cfg delete mode 100644 ansible/container.yml delete mode 100644 ansible/meta.yml delete mode 100644 ansible/requirements.yml delete mode 100644 ansible/roles/dashboard/files/dumb-init delete mode 100644 ansible/roles/dashboard/files/nginx/nginx.conf delete mode 100644 ansible/roles/dashboard/files/nginx/start.sh delete mode 100644 ansible/roles/dashboard/files/sso-dashboard.ini delete mode 100644 ansible/roles/dashboard/tasks/main.yml delete mode 100644 cloudformation/alert-feeback.yml delete mode 100644 cloudformation/roles.yml delete mode 100644 k8s/Chart.yaml delete mode 100644 k8s/templates/00-namespace.yaml delete mode 100644 k8s/templates/deployment.yaml delete mode 100644 k8s/templates/ingress-controller.yaml delete mode 100644 k8s/templates/ingress.yaml delete mode 100644 k8s/templates/service.yaml delete mode 100644 k8s/values.yaml delete mode 100644 k8s/values/dev.yaml delete mode 100644 k8s/values/prod.yaml delete mode 100644 k8s/values/staging.yaml diff --git a/ansible/ansible-requirements.txt b/ansible/ansible-requirements.txt deleted file mode 100644 index 10226fbe..00000000 --- a/ansible/ansible-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -# These are the python requirements for your Ansible Container builder. -# You do not need to include Ansible itself in this file. diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg deleted file mode 100644 index 460145a9..00000000 --- a/ansible/ansible.cfg +++ /dev/null @@ -1,2 +0,0 @@ -# Set any ansible.cfg overrides in this file. -# See: https://docs.ansible.com/ansible/intro_configuration.html#explanation-of-values-by-section diff --git a/ansible/container.yml b/ansible/container.yml deleted file mode 100644 index 47adb531..00000000 --- a/ansible/container.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: "2" -settings: - volumes: - ../:/dashboard -services: - web: - from: centos:latest - expose: - - "8000/tcp" - ports: - - "80:80" - - "8000:8000" - links: - - redis:redis - working_dir: '/sso-dashboard' - roles: - - dashboard - command: ['/usr/bin/dumb-init', '/usr/bin/start.sh'] -registries: {} diff --git a/ansible/meta.yml b/ansible/meta.yml deleted file mode 100644 index 01910269..00000000 --- a/ansible/meta.yml +++ /dev/null @@ -1,33 +0,0 @@ -galaxy_info: - author: Your name - description: Describe your awesome application here. - company: Your company - - # If the issue tracker for your role is not on GitHub, uncomment the - # next line and provide a value - # issue_tracker_url: - - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) - - min_ansible_container_version: 0.9.1 - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If travis integration is cofigured, only notification for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - tags: [] - # List tags for your app here, one per line. A tag is a keyword that describes and categorizes the app. - # Users will find your app by searching for tags. Be sure to remove the '[]' above. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. Maximum 20 tags. diff --git a/ansible/requirements.yml b/ansible/requirements.yml deleted file mode 100644 index dfed8e7b..00000000 --- a/ansible/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Install Ansible Roles -# --------------------- -# When making the Conductor image `ansible-galaxy install -r requirements.yml` is executed -# using this file. Follow the instructions at http://docs.ansible.com/ansible/galaxy.html -# to include any roles you want installed prior to running main.yml. \ No newline at end of file diff --git a/ansible/roles/dashboard/files/dumb-init b/ansible/roles/dashboard/files/dumb-init deleted file mode 100644 index 13e0d30e02845954920b5498f0fa8717f281f767..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21752 zcmb_^3t&{$wf31j$RvcE$U~x{9CTt3komv0&zU4p zAHDzmM`!kH?X}llYwfkxeuN!G-o;5an~?Y<33m%rT9)MERpzfC46fist8R{vEVzVB zVJwGD9ce<&WtGhI(sHwyNCiRS6*R^e%9ZdU()DJ>N}sk!+LB_mTm4qNr&REMiR#Zu zv#s`$)e)XsS<3WtZ0E_RP%@5za;EP!{_`3^XbtPB^Oj43*hYZrqs@i6C<&^}f?oyD zX`>N9#>eS`5S(KaWuRlQ)Xsv1{YwZ(SI6@%m*5N=mnH~8dlE3PoqK4EHESbAl2Z`0 zuuW|F1}d5hJte@aJj;UPeu%!iZ$xDW&9?JfKw%6{6ogoig|<7gjW3P|o{-|mb{=-d zjXac^3&&D#wMm@Xf-ckyK!V9MZb5r+J2Jh%7JDD~7ZCpGfHLtvxd8Z|0{(UyF8V+` z9ye~~6JmPA_zH5E&sg*cPM{gJ0~|BD6*KCj4#v|2JL%eG62bjtG0>hdLDB#ctp_^h zJmt|3J;d~PnD*`&Pfz&%xh{eAbQ#bJ*3)waiSc?Gs2fVq-~N*o>xGqU=F>=+Hkifq z_Zn_!$7lj;4J+5I?WBhI@yZ1J+DIjRW+loU)V`AKJk1ew4J88s)6cLjV*#`6V~2*6 zNyFI2Ca{T91>g~{=p*PeLQkpwaj@{5R}%C;>lX*!Y%Y8Uc|k0?Xe@*(HWzyNXz6Q!ycv@e z^f$rFe=Y(qo589z&Tw=$^lSv5T(%M@nRYU}xiFjhimm?%VQ3#;;|)$w<7gINR(l_P zA^4ypQ$MP`y+i2~U+C9jww)gj0jx2vxo{q#3w^H{MdiQr6CFA8T!L5sD-`c}Ff8^% zi%&1^b-9GyD*@G!gIuQrKgK(-1VOJO6NqEKG35zvdLUN)C{Xo*qrg)QJkc@`MDlDd zJiwXLn#}p(xrZcW{1}ur7d~gQ?V}+ma&Tr6p?Q;w#TjP$2gWquVS2Q=u+4;f6>z&} z6GeQ=`SU^1TnI1vYcwSEQ@;p`URVU6=S*t)!PjUZAWV9Lh5MEg3HsnbUvuGakcYAi z8k0CdQ_X=?PEg@jfMu8bt`>4k}t`)cO9xeUAA1rjBFmNpT1`1EI;EmCR7>BfEm^a6aRMHmx zX!IChoZ;relO9Z@1C@gKov_|BaLoCEt;bj}j;JA?3u>Bv%vhd^Ucs490iiRzo1i&L zV)m~&18yQv<@ca%HE2UU#QA-+#JUswWkC^BSVbh2VWoDghZL}gQ~>e$Vf9=#Eq)u& zvz`>k9B59D+hIo$Ww!$y5~w1l%BqkGO^94-Ac%a*Af4m0DqKrV2u2MAQ9>D{s~fC} z_4k?(gp)&Tp$s6JRv|4Sg?f8;6<`=d|AFxnJC^idTx|ITTD3u+*z#>;9$lynRwB!4}(Ntp`lHTn6gk*wOPgz6uV*Rh& zBmo=Q?aoJ0d=Vu~aNoHfE9*O(sXgCnpWpdUSG21$nhS6D0Pnuk|5}1XxdHmT(*=@q zfx=v0>)~sRH$fHirT!Q|aIkG?WTBJ@oGj@-!QV0rKL_ypQvU?%Y{q|}TXZW(jzr-5 zS7W_0{UYWG=PAADB`o@+cK~_rXQTs|OzL4?gpQ!;>&UCQd|2af9y$bHb{Obr z_(2lH~L5gJUFR zEL^FW3W;vDeaPb7n0&JOZcpkrJzy$&K?KCh2=nceSIH~kt33KpDGN>6Yp2%W?H+xv zM}OnD6x=b}5r!rIRc;`R&F3-SotN!s2#j@x<1687_S$17-TDVif77eKFUS7?Co~J# zftBf(OO5*JK&chZCH+uSoZ;B!=C5L^=Q|2%Ed2wIzQ@^b+~z=`HLMWw{0@*qZ^tk#Vvp?s>>G=zZ%WR>=J`^gYQ)0a z4{C)$NJ41egP=nhR{;R@!+=_Ne#CiL-1RjVa|!w(2q_KhDi~Bxb_%jfXx*=jYhD1Q z+F?@%;`?JCuwX-O^c(0IOx*^A9rm*IG<^05#^7^4TBz06GLG8Q@bpC+YANBsCLBEVv~%`Z|$ypC$8BL?^jg;Wcgv;z-vD zn~NxOQ%|Zw8GL$D-z1^&oUzDMo#424kkej?7hDiS+${LIz|MV;o!BBlFPrDg6k8`F z<9^&_D{4V)1`2ZX;7oNwb5oL_j*EBcb1yVHk~ ztjB3VLlY3o9b$avaEC=G}a$OMunuyE7MEgNh@E1-*O0 zpKh;y#%(*U-#HQWdTIuK*;CE)ZNk#f6erUkblBDL@$R0~Q&1iH=#%0LCBfP6^_`>9 zr|_Zg2`P69#sN&FH5@E+Oi?rDl{s?sBkHxW`zWWJX$|ubN?g`$i^L)_lzi?>3xG~+ zN$2zY5s;#A301T;F&?;?GAa?+3ABRoBP@a4v#5Fdowm7R>jCQFOMMvq z-35c&RTK4G)QT3Mzz|WT)mH0rMy;tNM0Aw3crayTmy$_9;AVPqYOShsjIEtJ*kzl zsUGg&q;<&31sBE8&jI7{b(;$94LSCrj47q;!*-DrlI$#3$j6W=!g3zd++-8fO#IGN z{iKe{I&Y}T<_&F0g202<6}R>)U#8Y#Jz6ZfUy~o7;c7XhjFac)sn>eq5l_4;7At!E zI=T7dLS=4IOTThwJi@dtDb~$#UL(i5+ezwfebS3ANr>%8%rx3^DIV8);}Lvg)zn`d zuWhvpN+)o7^>Lf93}atHjZM9IX|U`IcEUtL2Btb-g7E_fivXpLi{(KGUq+Tb@zfGD z7sCuC%Q|#^MRrgoQ>morNltG5h|!TE=lHR&03#Wtal$Bewj8 z3h+9atToO=_n^3IOiQ>)#4bAx5uvy%9Q`*y%RRR!8nZSX z9ur!6QSUzTPV3>Ohs9m1Y_cAfy9TdsI~0y4i@WyAwq7lo?N0B~-X2svUB}00-OcF- zo6_|(zW2E)cmD53n49(zRpHYrw#|q=X1h?9d zDfgrSQi#5apN=?>zmFM(1QUmUC<=Q*MK+{3XDAA@VDYn%hFxUZ@iVA=n(6*tHpBmP z2WbZRC1H_5#KhCTpggNM^zhgUn<2Fgtj2fqFb3hf2>L9~Ln;SbZu zzT#*{{B}ew&;a(?B2awRd+XM~mrg%wTnD0ElI|n(Vy#kW)7(;KY`k4jOz19)_VBz_Q>`eRpReIvA_LJ0heQgm4{#2bal9WBUr_ zamL%T2ybd+q(1wq`XLkEd6=8jVR&D>g!#_5-_5(z5GN!-cp$>sLEjFT2Iyg$GaM;3 zN?Q4(DM#853*P4+4$_ zm&{=}dnj0v+jt`j25{Q7D4P}R3*5r;_HpYDEs2+w#3tZ)>Uy z1iCQ!o<(ygMaXB;#TakMqA+*Ra!SL=L&+M4XfU%)|lX;R3C zF}tGHcg=G&ROm1-#w1K2h)irdqPDC;INVdTz_Ji72`CvqL??Z3r%}3IFuYtBZ#3?f zXoV?v(?Bno10m8qW;9x31sBa>1&eYKGttU`(xvakxC%o4W5$n2qQNy=V!t(U-VU6) z0d|@vB~VOKsTL?-nIj*21jigN=yZ9JW6E7(9yS7Ep4YKn%qw$j5%YfFXa=~L_Y9Ba z#k`+8p62CWJD%g|%Z@No7HV-E=V_S(R3L&U+bSV&u@f(mX692fT5^nrYmwWzhscOf zQ0~z$uPpWGAIc?6dqe`z5#<($Qera}<$4PCG<*RChB(-(pS~Y6G#yR+IMe@VtOj$z z%tOw@vDM8l1%VOP=)I=fS?eifw%ojZW;}z1isA|u-QL&BuFK=E!P~yI5`=3Y`)y3p|a_q=ime8m=Q9v9{oHKUF3|DQe2ixJP70TBVO^B zf74#%vhwJ^Yl665H+o_0WZJlV!110pvbcg^1?*MqWNj}1z*~UseIz@>dDt`Xku??% z8D7jFra|Q9VM6{u6#m6daSR|*@wV|=%W3=IkJ3ew@ zwFWb^3$q)?>AhN)oh2{K)-z(6EV$6lLbN+vYG*zn`WKAwd2m4?`tm;j#sEjh0-uMD ziJd~M_Vb{`7Z8no9uN~dgxD>g2PN);5Yr;Tr71fv{1OBgf^;v57k&AR8OjBDc%s@ z!eTf&Be+oz`hV_t5{a%j99X@Q8>_1XORWi`2uH*H^Bw(kNPhw@0~?9^9AATyT6NS?YK=Fv|V>9zPB~p{!gf2Vi6oGR&Ok8 z1i`n^uxi!FNMFWC@!oavY7Dfa-VJQ7mwp16_W!_-tR0ttrSF)rZ9-9N_@$pw!!Pke zmCjQHosA90M0aR&a)$&O;f&pS6daGohvLT9VC5KY4|13fO!}J<`8Xa&%Fhh2qNA&^ z(JU#!oM|i5WTbp9cu&bfZ$+o1}e=1Ak;2zuYboQ&aB*SYBVe7l&a=O5gt2N4z^iZ#DbqfuqO! z-uZL)(fvn{AKf2I`BV3wPe1_qNB3idDv(~~4b?d6ibMX)uED9!9t0wJJW)+S^H5*Niq6f86VE zVVbXmR)}(2@AEcdbX&>L(d~|hD#6f)$P#aBel4>S2LHjM;iEN<2m7ZukUZpW>+y!x z+n8^n<4uRdm9hKjdvLhYHiuZat#3cW`M{L^6XN%~#iBzkhgExP|BjT_^DteZ^-23& zwpslrwxxRYt*p?R&a1frdvPZ&bt_Ta6(pW zA}7idTAAt9|HASj-n@&pBkoYmjl!@VjM4$4m6pSZ@EQ2H&FDfbI}8m?=^zgSrIB}@ z5wLKK66!>A2cw}WhzTef3GztT@ah*$_`KsR4_;var!$C;oQT@rkV6xv7~`q8ei|LU zdfb~g6df3YWz^q}UqNJj(5W#;PalgaWBbP4>4f#Iaa2vwAY<+d$qKU2w;l80dr1yQ zQzroiLOQ@icCZrqfGenp4tTKU-$5?!gj|koca)G|nAVd*idCX7xul0l1KF_}2m5oh zZ-0O6kt6*l)YlX2CJt2L5Xm9)i#quw;lTIjVSPQiLe>UvbnAz_q2-rkaTyL}JOyX# zuP+Kt)5CByS~SIT4^mjcK;v0C zuQ&G7(4re(#45u^4MWPEG|=}3F2uuLpRp`7XAr8~kPOvhM!v>CO7t+P$ zy>9YiM+W61@6eRw_yGz~3kCy{J4p66rAYr>(X>PIk&|xQJ9^0_XfKn+Uml9}Yj=a6 zi&L;J&tSthMxRU^0=uP37EA#jFT#lIV|m?PTOaGXnB*-u!Nlc**nvfPOa|v(Fa#Uz zA(H~)1GjjCw>g5>wv&JL+|v$0&3(NzHp8q!6A!b3Lt@AQTbnAlk_65-FzfjY z_7t}7ttkT5da}b2T4>V-)0MPM`!nL<*oQLYh!FS8z}eQrvVKs_@<4wf0qoMkpww)7 z)~49|XTE`xvDlcSsn600S?{4ixgcDhjjg-YLCrjB#Ila2hAc20DPp4W!{*9vnkks9 zE_dF(W6`(z9>{okM0;P7ZCQ)D<6+JFkh1(yQY+by|7 z1rHQNj;AhY`eM@y*o+Q8m7rGk(Xeh za-4Ac3Y~3`9IRunVQZpBZQf@73JtZzb z81rEsbPc(UqHnkXy~pkRfV%-h#E~#b4WD2W9(&{Mac5(=T^jo+@ka zB{3b2h0X9f@?~xB4ANZ-cPR`g`h15+TyoMIs&H&$dJPUl`!oYjG1`F|r>~f3L8e30NPEd3 zdB7xa<1}7k6qppL<7j0LPuW`lPGT33x@7DEgt_= zE_9*M14o56@vc?n$j;kk|p+Ldla`S=LSOqMjT`l}2chBT%C3Jg_^k`m`Pd-ZwgUTSnhAz`al=h67sHHuli&E%crqGnnj}K;` z&26i3WXc75AH9*btT{&dU!iLxf*#=>vs)%67nhq01hFLrcSm0RmB*9kPgl}$>ygUh zk=R*}eoSs&FkQLToA*j_>v>Y-IkNs1%KGbICT47+UU$|)9m|%Rci5(@ucJG3G%3ap zEojs^(FbWTv15r%GxA}}8z%uY$pO=?^(50ANNrHiYZE(`4{<57uD4TyKM)06tH&0Br7l6SgP>?1;u)|&xs9N*gLi2| z`GIj5V;?q*%d_>nV%IRdjmT!fd$4Q#3U-YFd+<6C)!M(+(fpb;&<~np*JCb|wG;W; z#q`FEP5l{Yw;hR{Xzg$Mf%YmSv0#?i`g2T+n0Tw$`gLS6ndPuz2efEDLW9QJ(Uj~^ zXCx+*($n(Kqb6}*ViND91b;r6PhuUPgxGo)rs_O3Y6_xufu?YP?|JXb)nX^qip|DER2+{*U8!VAXkj20Ur*|o%e8&n88`_jJLz6-EFIutivpn* zK?CEh`-}8$WxTsBtQ{BUC#!Z@d*>Khy50Km>9mWI2lmis{W^6ON}*t-USbkcCdgrr}_q1V=IHqa-(M5~xY zv_9q}Cem&>A6%7pzkm_V-Ez@&{c=2l{W1~Z!G0O1>#@m2&VIR*Y7p^oEOO^Alt>%a zv(T^k{N1>l%P~aUhPuIR+yZueV!z$!myl%ZDYxi3&aep93y4lzPpNi&|=i z>cOK=Cm0Tc`5^KF%m$dfnznDNIorL&FS+29sQnVe$icfv@t@(d-R>yEYECiqv2@NM zwoS*$0PQqS6dV*E+ey&2y|F!U#Zg6HwCHd18v^4eV7RRBUHw4xc3i0pvm!C=*tkTF z9u0PZkwyA(cs`;hm-+Uxc}PWXjU(6Es^S2ZB>0bp)f$*s~R*7y#9!L?lYWn!jPy92evOh$K^II4t~dfj;G#8r4C z9O2^&w>MxEqepZlcD%3?kb0)rYM{lmoGsr4pI8vb49+bwbB05ABxyq#iioQnZTrqkf^s_guNaoc z@v%nC5&LsIlCtP>o-%%QlI8-Lx(iO#=OzHGcp?F3ga9QMyyX_XvFJAjktew;hsY+H zGXG9Gw)%U4W5>(9lKIY1yz=8H+}w{4giw4jItald5N8v7zXY?cVU35Pw5YVDBK7XInU#^ zVZET{QAF?Z1_P^c#jw5vJ(zwE)cPLWUfh$Lz>U0Qj%^J#d|GXU5spHFh!^M4O@?)V zO*a`76@exbGZ52thGeC4tTdNW(QORh5NMzeyO5oGXwC`lB;I?v&iAC@Ao9FAHFg`l zM-+FZ6`T=Ueh(bjbK979!bTtvb?agE9bDvC@4aw;Lf5Jky-=5ZV#~iH>-FtpFWRgR zj>x<4LMN>OJFhVNQkv(*X6xh8BW&QHC+`*Sv_5ZZuUh2U9Un43u^Y^HVrG}6p-kB0 zgKSzaf#DS31kMe5@P!k8ixWWmeNMA7orRXznC)UrH0OcS+_0_SEbT@PBEVKpMehbI z4%W}%jCK$x?DZ1|dJr%QO6D`z#hZEcLp(NPUD4!o>_>1LO6oK51M0_-o$tqqBkhT~ z0muU+;xG3x?Lu}v;#s#iXmHs?$#o<^N}?5UDlZ(+v|Ic1(P9|*FC!v!oWKX59E_K=ovWZb>fKT5X-yB1`e@l zc;Cwu?YzVF*pcebWdE<#kS|Iw5wg zDQEPz@hT;?;Ea0qN!*RlTV%nQK>W6$F!I)ypD`EbK6rw;*uDsSwr)(r{5rmvZ-lBdo{XK6gV~t<2eDLo*pYHZj^m8w$Zu&ZuW!HnGG&5k z1%2xEMRYBUbKBRfVWSjm92Zk##}hp483VJh6Hl zdl3YhchS=_BJE!UG^j6W-@-Gn4aS!-4cu8!Iy|ujq-6 z0X(fjrq467v86I^tey1Q>to4$&VzSXR*r?X<+oGxDyHIqYEeGx(FReX2W@n(jW>j= zrb$qCeNZXEo$(2D18%(2zVSZPvz{~?pjq%vCzV1iX?@sXuz`Ly4f=VE%_z*HdL4iK zp+5qZo-`gs<9c%Tw3JHmqUPJch;1m&6IrkkXEe)m5dz>O7Dnn8cMvx^3pJZj zk{!b)VlWK{uYC-$bMg`?)<;*<*e~LOHn|jrF7JaDI^)5buI?KEtd+R7}$gb}j_f2@36;R_9{kV_X2l})b zO%JV$-NwD55OeS$#TO1K*T20GC4iA&I_|P-rhw2jL$xwk7SP z=ghaG$y9O;8+4c~lyOYKr^)N1n`q;%@yX(EgrZ-ERIS6fKN6qh4wx>1SViw!u(en+ z#~Z9eR0?%rxLL*;E_2NByxCE7mrF2a(^~Weno2yr*EpxS zg*?$Y5txnB{KBor_zSrybi?*`kMq1iMy$BtNtY2B%<EvByDws3e|#u#IPfY0uj6ez;fC z(_m@vNMH#9`X$)_f>B;ViUlR0CrL|kVJI<|B_KNzT}j;0hdPr0+5WEpg2jNPzKiMi z*`qju#yb-IBU*LF`zYX&1}7-nD2BpIkoa+O##l;RZN!$B(Onzb(U{_DyDPGDD2`~g z@p}D?_Wpvd!7BUZ2DtD@IC;O@|VX z73uXA^b=NLajErs3Uh8sHU6CxWB5hWs144j7hU7|?d>sum8{`0Nc=clnfbtJGQZTg z@mJSLIBn?1!zu(a-yw0*BPhJ;DV&BDLqp9P6rPxjcX|ydB>v!%#P%7VH5KaS4Ku52 ztCh9V;=20A^7;yYg%qgXSX*8rO|OuYI>}d6T~kr-ubq_vJfq?7_51wQ4Wq$12p?@U zoNS_y8mpBmsl?+Zy#A(Y1wDBc<)wg9uBZVtnK(YLe`9$-QvCIst82>%&xWldH2)o) zi)aE@j5soww4|=CV#8K{g7VSh-mBKuR@ZKns%xcyUkOxKNSo^_{I^MgI;qlR6}6Un zmXww)F9B3Q@t0fVU%{tkb&6E~58+a({8C+g^+wF9CNZJh=@oei>aOH}sT$bgudN^= z0{)sxsY3OWyvoY%xB8;nuz010>4BAj@{Rtv()56|rf!Q;U01tS^3`qLTwYrttyxoE zzj3WJYu2o_85tv;ssmCvkZs;l4tDV6-z~Rz2B!;dQSYTh0M!qw@P)DQnkY8?}Mny`HVov%myO9!C$|j zF5pklRZ?GFtAJG-)Q!*p(mSZx=5i7g@hzZK`0MNWOlDS5_bPwQmPB8qW_Lar-m)3O zg1kY7sr+WoRo1`(!fJgIJ^hkTt;b4NBv8fyM*3zfR%>b`j+m69p}e}Ld;_!sT!PRf z=s}gDYzfSrJ$oaTxw>H%G;8+#pm6rEHj(}K1Qi5}H`bSLmPi8wYctB~w~~fh(*p;j zN*YHSQ*6xdSUNGoHMb;Jn6Oq=Bs?(-~$ky$2ti`==U<;oLC5W;BX7c6C> zltedzfmXgSqpD$*PjIg+UbxP)%u}|`U9@oJ62UpDrnIQ66o0y#e}(C?CInf+0w~1) z(G#B@AY+mtR6$K@{Oip1FU+p+H_Wbu%s#{I3^#ddYWy3qwl{25{IFtQQT??(zu>Oh z3{xP1jdk_Hz5ak&qwp0~@844I4?salFapW5TvC*+LJ4_-0N2jAYv4Qv%WweVi`>K1Zd zfvxZyny+xvAg@kUt^}@B1K=d9 z3z(+8uCaEwpw`y=%Y9W`JaPr12KWmI5*>tv^>v&4wbGVqaLhA%xh33$Jghl@ujOVp zVPQ?3ZGAp^EbgiksvwKi<D3os9yrHh9+Q*rUs=6&)KWfW2lgqV$%8-FGh0%vw=EL&ITQa~* zIVEs~zWVAdN?rXZGb$`BueiFI^vd*W36&(E1beu8@}Ws1h2gPD3j)-Y*f)BFVa=+5 zig4aG)~Se#>U=QzLMg&8zqQ7Eb+92^geCRR1EDNdYfVL> zwZ?-5a?_@?5?%-kfr0?Y&|EYgEL5esvKnaXu|N<;3U0n^OxFo-2Tj^c6X6SOWC2)E zq?@Ff)*>^(1Ek7)l?4PZ7$H?5(AeOIGy;Ci31gJh*C} zn#tlOY)t?>^(!DW07qb&7fT)^8d_|*-4WRgkJ*T*W+R_Iw;&d_;b!9A$ULv8M$83k zKrAigB$!C3!$=FQg^|*5_sa6kWJ9imO{~pNYUGB%Vv~>nyppzMex(sEkw&v^go?V9pDI-k?@iLLE$7I>HER#)vu)B9h4(;Q~=LQn{$Smd_G_mQ-E| z`-(`N4DQ=Thj_y-@xPTRn|AYc<7`RE*W5ED zGdpGMjpJ|nVpVP3malA(QpboBCQiEEer;N=V{%Sh{ST~paP33u)|dM#{FNK4AKp|`A5gYFvTeH{2Lk?j?i?x+>G>=8t|8ZS_{dk} zWe9VnYRh?>n~Av+s?2O+HNgHL*0)S5+GneQ`q{8O5!E=a!fq;SgC5I>{heB+DfB&SC$j) zSEmX1|KDlaRrGus{x`mOC7quJ_j&b+c_rZPwdUWHYvNC|U!5l46L5+0)oGiBug0SH zE(>qxr_lestN0(b;IGD;nE!SQ&o8b@pRmgRVx|AvVb14jxP0gBU%KPYFW)t%Kwh}W zU9?!Z>N7#e5GG8Z%R3>}Y@%~{{KH(DV}&u)$Lg5? zrW6q72bjlE`#1rA(3(!w>C`yfo`4%pGlz2m{%J6L_)of7jbAe}3TQaX&-kp8h%|+M zgmkkSzoXkNFe{-~m5C4j=^a7fKj~&Qe(^t@l1`jRzn}cMqMbAEli`MIM{@wo5r{*e z)~x=Ya%g7$>KXZ~rTo=1^P6VmH%a+T0=D6TXW3$5nY>J>Ew2@32{UJ4z78p_48r&}Q@J>IQ|&U|YW?7_ls?T1Ts)=hwnXm#CB^A>7zgEHyj>4N z0mHc33FFi>jN{rcm>I^NI}CjbL-=9vDGdIEA>A-U8iuUG5KtJJ7={$WlkmmWVt6vX zxG4!=hwt_H-hl5Ed~d`Tf7BYracdZ~{t9!6VEhQik6`==#*bk92*!_K{0PR6VEhQi zk6`==#y^7bBN#sdb;NVAO!Uu0|4j7HJVNtN=!xx-dj(rlw(W+@H2aen2;=jw^y_$> zFG4vhTT9xQk!5FNmuK09JJ3#dTqS7F0YSpTtn4R}pC(Buqma;f2KdCVzOF|8L zF3hsuV=hq|Pr-N23-LJSIsCZ|xhL>-pvk}n z>gfAfpU?BJpVgPzETi{#VAtK{`n$T%s#s~k&$iMtE7pG&I85T-eR#a^ceVf1idlgw z>@9HMAk3mua$%N&J*6Gv$duOJMZpYCRx3J-YuHtN$6RQ#JiD|ESN^E&w*-ivIKu z4btcSxjgyY@nK7N|AZWyt^Unc|0fcLz(i+JXBCi4zp8)sau;vRUd|KYq?ru=!X91m znT--`(FmO->&^BOGr1c6>he5*!Hy00r+?#zKK6gG{}R9w{}Xbee>8|b+5cdFFJMRa zcUk>iR{!-^3EV}JBgA{jk)qK?u;|NBN)B7YS* G!v6(=-J-+* diff --git a/ansible/roles/dashboard/files/nginx/nginx.conf b/ansible/roles/dashboard/files/nginx/nginx.conf deleted file mode 100644 index ff0f9a79..00000000 --- a/ansible/roles/dashboard/files/nginx/nginx.conf +++ /dev/null @@ -1,97 +0,0 @@ -worker_processes 1; - -events { worker_connections 1024; } - -http { - - sendfile on; - - gzip on; - gzip_http_version 1.0; - gzip_proxied any; - gzip_min_length 500; - gzip_disable "MSIE [1-6]\."; - gzip_types text/plain text/xml text/css - text/comma-separated-values - text/javascript - application/x-javascript - application/atom+xml; - - # Configuration for the server - server { - - # Running port - listen 80; - - location /health { - - return 200; - - } - - location ^~ /static/ { - include /etc/nginx/mime.types; - root /sso-dashboard/dashboard; - } - - - } - - server { - listen 80; - - server_name sso.mozilla.com; - - location ^~ /static/ { - include /etc/nginx/mime.types; - root /sso-dashboard/dashboard; - } - - location / { - - rewrite ^ https://$server_name$request_uri? permanent; - - } - - location /dashboard { - - rewrite ^ https://$server_name$request_uri? permanent; - - } - - location /metrics { - deny all; - return 403; - } - - } - - server { - listen 80; - - server_name sso.allizom.org; - - location ^~ /static/ { - include /etc/nginx/mime.types; - root /sso-dashboard/dashboard; - } - - location / { - - rewrite ^ https://$server_name$request_uri? permanent; - - } - - location /dashboard { - - rewrite ^ https://$server_name$request_uri? permanent; - - } - - location /metrics { - deny all; - return 403; - } - - } -} diff --git a/ansible/roles/dashboard/files/nginx/start.sh b/ansible/roles/dashboard/files/nginx/start.sh deleted file mode 100644 index 61cf89ab..00000000 --- a/ansible/roles/dashboard/files/nginx/start.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -python3 -m gunicorn.app.wsgiapp dashboard.app:app --worker-class gevent --bind 0.0.0.0:8000 --workers=${DASHBOARD_GUNICORN_WORKERS:-5} --reload & -nginx -c /etc/nginx/nginx.conf -g "daemon off;" diff --git a/ansible/roles/dashboard/files/sso-dashboard.ini b/ansible/roles/dashboard/files/sso-dashboard.ini deleted file mode 100644 index 8b7a07ba..00000000 --- a/ansible/roles/dashboard/files/sso-dashboard.ini +++ /dev/null @@ -1,19 +0,0 @@ -[sso-dashboard] - -debug=False -testing=False -csrf_enabled=True -permanent_session=True -permanent_session_lifetime=86400 -session_cookie_httponly=True -logger_name=sso-dashboard -preferred_url_scheme=https - -#Optional secret values -#oidc_domain=auth-dev.mozilla.auth0.com -#oidc_client_id=redacted -#oidc_client_secret=redacted - -#Ops features -enable_prometheus_monitoring=False -prometheus_monitoring_port=9000 diff --git a/ansible/roles/dashboard/tasks/main.yml b/ansible/roles/dashboard/tasks/main.yml deleted file mode 100644 index c3c620e3..00000000 --- a/ansible/roles/dashboard/tasks/main.yml +++ /dev/null @@ -1,136 +0,0 @@ ---- - -- name: Install dumb init - get_url: - dest: /usr/bin/dumb-init - url: https://github.com/Yelp/dumb-init/releases/download/v1.0.2/dumb-init_1.0.2_amd64 - mode: 0775 - validate_certs: no - -- name: Install EPEL - yum: name=epel-release state=latest - -- name: Install Build Dependencies - yum: name=gcc,libffi-devel,python-devel,openssl-devel,curl-devel,python36,python36-devel state=latest - -- name: Install nginx - yum: name=nginx - -- name: Copy the config - copy: - src: ../files/nginx/nginx.conf - dest: /etc/nginx/nginx.conf - -- name: Copy the config - copy: - src: ../files/nginx/start.sh - dest: /usr/bin/start.sh - mode: 0775 - -- name: Copy the everett ini file - copy: - src: ../files/sso-dashboard.ini - dest: /etc/sso-dashboard.ini - mode: 0775 - -- name: Install git - yum: name=git state=latest - -- name: Install Pip - yum: name=python36-pip state=latest - -- name: Install Pip - yum: name=python36-pip state=latest - -- name: Install rubygems sass compiler - yum: name=rubygem-sass state=latest - -- name: Install credstash - pip: - name: credstash - executable: pip3.6 - -- name: Create Flask User - user: name=flaskapp state=present createhome=yes home=/sso-dashboard group=root - -- name: Copy the Requirements - copy: - src: /dashboard/requirements.txt - dest: /sso-dashboard/requirements.txt - owner: flaskapp - group: nginx - mode: 755 - -- name: Install requirements - pip: - requirements: '/sso-dashboard/requirements.txt' - executable: pip3.6 - -- name: Copy The Application - copy: - src: /dashboard/ - dest: /sso-dashboard/ - owner: flaskapp - group: nginx - mode: 755 - -- name: Cache busting - file: - path: /sso-dashboard/static/css/gen/all.css - state: absent - -- name: Cache busting - file: - path: /sso-dashboard/static/js/gen/packed.js - state: absent - -- name: Cache busting - file: - path: /sso-dashboard/data/apps.yml-etag - state: absent - -- name: Create the logos dir - file: - path: /sso-dashboard/static/img/logos - state: directory - -- name: Install credstash depends - yum: name=git state=latest - -# Allow nginx directory traversal -- file: - path: /sso-dashboard - state: directory - mode: 0750 - owner: flaskapp - group: nginx - recurse: yes - -# Allow nginx directory traversal -- file: - path: /sso-dashboard/static - state: directory - mode: 0750 - owner: flaskapp - group: nginx - recurse: yes - -- name: Install patched pyoidc - pip: - name: git+git://github.com/mozilla-iam/pyoidc.git@hotfix_unicode#egg=pyoidc - state: forcereinstall - executable: pip3.6 - -- name: Force python openssl - pip: - name: pyOpenSSL - version: 17.3.0 - state: forcereinstall - executable: pip3.6 - -- name: Force cryptography 2pointo - pip: - name: cryptography - version: 2.0 - state: forcereinstall - executable: pip3.6 diff --git a/cloudformation/alert-feeback.yml b/cloudformation/alert-feeback.yml deleted file mode 100644 index 78424865..00000000 --- a/cloudformation/alert-feeback.yml +++ /dev/null @@ -1,18 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Mozilla Single Sign On Dashboard Alert Feedback Queues" -Resources: - AlertFeedbackSQS: - Type: "AWS::SQS::Queue" - Properties: - QueueName: "SSODashboardAlertFeedback" - AlertFeedbackSNSTopic: - Type: "AWS::SNS::Topic" - Properties: - Subscription: - - - Endpoint: - Fn::GetAtt: - - "AlertFeedbackSQS" - - "Arn" - Protocol: "sqs" - TopicName: "SSODashboardAlertFeedback" diff --git a/cloudformation/roles.yml b/cloudformation/roles.yml deleted file mode 100644 index ad554559..00000000 --- a/cloudformation/roles.yml +++ /dev/null @@ -1,315 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Mozilla Single Sign On Dashboard Roles" -Resources: - SSODashboardRole: - Type: "AWS::IAM::Role" - Properties: - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Principal: - Service: - - "ec2.amazonaws.com" - - "ssm.amazonaws.com" - Action: - - "sts:AssumeRole" - ManagedPolicyArns: - - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM" - RoleName: sso-dashboard-delivery-server - SSOInstanceProfile: - Type: "AWS::IAM::InstanceProfile" - DependsOn: SSODashboardRole - Properties: - InstanceProfileName: "sso-dashboard-instance-profile-v1" - Roles: - - - Ref: SSODashboardRole - SSODashboardCodePipelineAccess: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "s3:GetBucketAcl" - - "s3:GetBucketCORS" - - "s3:GetBucketLocation" - - "s3:GetBucketLogging" - - "s3:GetBucketNotification" - - "s3:GetBucketPolicy" - - "s3:GetBucketRequestPayment" - - "s3:GetBucketTagging" - - "s3:GetBucketVersioning" - - "s3:GetBucketWebsite" - - "s3:GetLifecycleConfiguration" - - "s3:GetObject" - - "s3:GetObjectAcl" - - "s3:GetObjectTagging" - - "s3:GetObjectTorrent" - - "s3:GetObjectVersion" - - "s3:GetObjectVersionAcl" - - "s3:GetObjectVersionTagging" - - "s3:GetObjectVersionTorrent" - - "s3:GetReplicationConfiguration" - - "s3:ListAllMyBuckets" - - "s3:ListBucket" - - "s3:ListBucketMultipartUploads" - - "s3:ListBucketVersions" - - "s3:ListMultipartUploadParts" - Resource: "arn:aws:s3:::codepipeline*" - PolicyName: sso-dashboard-read-codepipeline - Roles: - - - Ref: SSODashboardRole - SSODashboardS3Access: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "s3:GetBucketAcl" - - "s3:GetBucketCORS" - - "s3:GetBucketLocation" - - "s3:GetBucketLogging" - - "s3:GetBucketNotification" - - "s3:GetBucketPolicy" - - "s3:GetBucketRequestPayment" - - "s3:GetBucketTagging" - - "s3:GetBucketVersioning" - - "s3:GetBucketWebsite" - - "s3:GetLifecycleConfiguration" - - "s3:GetObject" - - "s3:GetObjectAcl" - - "s3:GetObjectTagging" - - "s3:GetObjectTorrent" - - "s3:GetObjectVersion" - - "s3:GetObjectVersionAcl" - - "s3:GetObjectVersionTagging" - - "s3:GetObjectVersionTorrent" - - "s3:GetReplicationConfiguration" - - "s3:ListAllMyBuckets" - - "s3:ListBucket" - - "s3:ListBucketMultipartUploads" - - "s3:ListBucketVersions" - - "s3:ListMultipartUploadParts" - Resource: "arn:aws:s3:::sso-dashboard.*" - PolicyName: sso-dashboard-read-buckets - Roles: - - - Ref: SSODashboardRole - SSODashboardCloudWatchAccess: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "logs:CreateLogGroup" - - "logs:CreateLogStream" - - "logs:DescribeLogGroups" - - "logs:DescribeLogStreams" - - "logs:PutLogEvents" - - "logs:GetLogEvents" - - "logs:FilterLogEvents" - Resource: "*" - PolicyName: sso-dashboard-cloudwatch-log - Roles: - - - Ref: SSODashboardRole - SSODashboardECRLogin: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "ecr:GetAuthorizationToken" - Resource: "*" - PolicyName: sso-dashboard-ecr-login - Roles: - - - Ref: SSODashboardRole - SSODashboardSQSSend: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "sqs:ChangeMessageVisibility" - - "sqs:ChangeMessageVisibilityBatch" - - "sqs:CreateQueue" - - "sqs:GetQueueAttributes" - - "sqs:GetQueueUrl" - - "sqs:ListDeadLetterSourceQueues" - - "sqs:ListQueues" - - "sqs:PurgeQueue" - - "sqs:ReceiveMessage" - - "sqs:SendMessage" - - "sqs:SendMessageBatch" - - "sqs:SetQueueAttributes" - Resource: "arn:aws:sqs:*:*:sso-dashboard-fluentd-sqs" - PolicyName: sso-dashboard-sqs-send - Roles: - - - Ref: SSODashboardRole - SSODashboardSNSNotify: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "SNS:Publish" - - Resource: "arn:aws:sns:*:*:sso-dashboard-*" - PolicyName: sso-dashboard-sns-send - Roles: - - - Ref: SSODashboardRole - SSODashboardCredstashRead: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "dynamodb:GetItem" - - "dynamodb:Query" - - "dynamodb:Scan" - Resource: "arn:aws:dynamodb:*:*:table/credential-store" - PolicyName: sso-dashboard-credstash - Roles: - - - Ref: SSODashboardRole - SSODashboardAlertWrite: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "dynamodb:DeleteItem" - - "dynamodb:DescribeLimits" - - "dynamodb:DescribeReservedCapacity" - - "dynamodb:DescribeReservedCapacityOfferings" - - "dynamodb:DescribeStream" - - "dynamodb:DescribeTable" - - "dynamodb:GetItem" - - "dynamodb:GetRecords" - - "dynamodb:GetShardIterator" - - "dynamodb:ListTables" - - "dynamodb:PutItem" - - "dynamodb:Query" - - "dynamodb:Scan" - - "dynamodb:UpdateItem" - Resource: "arn:aws:dynamodb:*:*:table/sso-dashboard-alert" - PolicyName: sso-dashboard-alert-write - Roles: - - - Ref: SSODashboardRole - SSODashboardConfigurationRead: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "dynamodb:DeleteItem" - - "dynamodb:DescribeLimits" - - "dynamodb:DescribeReservedCapacity" - - "dynamodb:DescribeReservedCapacityOfferings" - - "dynamodb:DescribeStream" - - "dynamodb:DescribeTable" - - "dynamodb:GetItem" - - "dynamodb:GetRecords" - - "dynamodb:GetShardIterator" - - "dynamodb:ListTables" - - "dynamodb:PutItem" - - "dynamodb:Query" - - "dynamodb:Scan" - - "dynamodb:UpdateItem" - - "dynamodb:UpdateItem" - Resource: "arn:aws:dynamodb:*:*:table/sso-dashboard-apps" - PolicyName: sso-dashboard-configuration-read - Roles: - - - Ref: SSODashboardRole - SSODashboardTagAccess: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "ec2:DescribeTags" - Resource: "*" - PolicyName: sso-dashboard-describe-tags - Roles: - - - Ref: SSODashboardRole - SSODashboardCodeDeploy: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "codedeploy:*" - Resource: "arn:aws:codedeploy:*:*:application:sso-dashboard-*" - PolicyName: sso-dashboard-code-deploy - Roles: - - - Ref: SSODashboardRole - SSODashboardParameterStore: - Type: "AWS::IAM::Policy" - DependsOn: SSODashboardRole - Properties: - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Effect: "Allow" - Action: - - "ssm:GetParameter" - Resource: "arn:aws:ssm:*:*:parameter/sso-dashboard-alerts-sns" - PolicyName: sso-dashboard-parameter-store - Roles: - - - Ref: SSODashboardRole diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml deleted file mode 100644 index 1787334d..00000000 --- a/k8s/Chart.yaml +++ /dev/null @@ -1,2 +0,0 @@ -name: sso-dashboard -version: 0.0.1 diff --git a/k8s/templates/00-namespace.yaml b/k8s/templates/00-namespace.yaml deleted file mode 100644 index bde689ab..00000000 --- a/k8s/templates/00-namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.namespace }} diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml deleted file mode 100644 index 380923dc..00000000 --- a/k8s/templates/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.name }} - labels: - app: {{ .Values.name }} - namespace: {{ .Values.namespace }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ .Values.name }} - template: - metadata: - annotations: - iam.amazonaws.com/role: {{ .Values.assume_role }} - labels: - app: {{ .Values.name }} - spec: - containers: - - name: {{ .Values.name }} - image: {{ .Values.registry }}:{{ .Values.rev }} - ports: - - containerPort: 8000 - resources: - requests: - memory: "768Mi" - cpu: "500m" - limits: - memory: "1024Mi" - cpu: "1000m" - env: - - name: AWS_DEFAULT_REGION - value: us-west-2 - - name: ENVIRONMENT - value: {{ .Values.environment }} - - name: MOZILLIANS_API_URL - value: https://mozillians.org/api/v2/users/ - - name: SERVER_NAME - value: {{ .Values.domain_name }} - - name: DASHBOARD_GUNICORN_WORKERS - value: "4" diff --git a/k8s/templates/ingress-controller.yaml b/k8s/templates/ingress-controller.yaml deleted file mode 100644 index 7bf9ac08..00000000 --- a/k8s/templates/ingress-controller.yaml +++ /dev/null @@ -1,190 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: nginx-configuration - namespace: {{ .Values.namespace }} - labels: - app: ingress-nginx - k8s-app: ingress-nginx -data: - use-proxy-protocol: "true" - enable-vts-status: "true" - proxy-buffer-size: "16k" ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nginx-ingress-serviceaccount - namespace: {{ .Values.namespace }} - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: nginx-ingress-role - namespace: {{ .Values.namespace }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - - services - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx-{{ .Values.namespace }}" - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - - events - verbs: - - create - - apiGroups: - - "extensions" - resources: - - ingresses - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: nginx-ingress-role-nisa-binding - namespace: {{ .Values.namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nginx-ingress-role -subjects: - - kind: ServiceAccount - name: nginx-ingress-serviceaccount - namespace: {{ .Values.namespace }} - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-ingress-controller - namespace: {{ .Values.namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-nginx - k8s-app: ingress-nginx - template: - metadata: - labels: - app: ingress-nginx - k8s-app: ingress-nginx - spec: - serviceAccountName: nginx-ingress-serviceaccount - containers: - - name: nginx-ingress-controller - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1 - args: - - /nginx-ingress-controller - - --ingress-class=nginx-{{ .Values.namespace }} - - --watch-namespace={{ .Values.namespace }} - - --configmap=$(POD_NAMESPACE)/nginx-configuration - - --publish-service=$(POD_NAMESPACE)/ingress-nginx - - --annotations-prefix=nginx.ingress.kubernetes.io - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - # www-data -> 33 - runAsUser: 33 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 900m - memory: 1024Mi - requests: - cpu: 200m - memory: 256Mi ---- - -kind: Service -apiVersion: v1 -metadata: - name: ingress-nginx - namespace: {{ .Values.namespace }} - labels: - app: ingress-nginx - k8s-app: ingress-nginx - annotations: - # Enable PROXY protocol - service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' - # Increase the ELB idle timeout to avoid issues with WebSockets or Server-Sent Events. - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600' -spec: - type: LoadBalancer - selector: - app: ingress-nginx - ports: - - name: http - port: 80 - targetPort: http - - name: https - port: 443 - targetPort: https - diff --git a/k8s/templates/ingress.yaml b/k8s/templates/ingress.yaml deleted file mode 100644 index 8b524db3..00000000 --- a/k8s/templates/ingress.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - cert-manager.io/cluster-issuer: letsencrypt-production - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} -spec: - tls: - - hosts: - - {{ .Values.domain_name }} - secretName: {{ .Values.name }}-secret - rules: - - host: {{ .Values.domain_name }} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: {{ .Values.name }} - port: - number: 8000 diff --git a/k8s/templates/service.yaml b/k8s/templates/service.yaml deleted file mode 100644 index 155603e8..00000000 --- a/k8s/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} -spec: - ports: - - port: 8000 - targetPort: 8000 - protocol: TCP - selector: - app: {{ .Values.name }} - diff --git a/k8s/values.yaml b/k8s/values.yaml deleted file mode 100644 index c28f6e9d..00000000 --- a/k8s/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -name: sso-dashboard -namespace: sso-dashboard-dev -rev: latest -assume_role: -registry: \ No newline at end of file diff --git a/k8s/values/dev.yaml b/k8s/values/dev.yaml deleted file mode 100644 index 76d0f7ac..00000000 --- a/k8s/values/dev.yaml +++ /dev/null @@ -1,7 +0,0 @@ -env: dev -environment: Development -domain_name: sso.allizom.org -namespace: sso-dashboard-dev -assume_role: -registry: -replicas: 1 diff --git a/k8s/values/prod.yaml b/k8s/values/prod.yaml deleted file mode 100644 index 0db3b6d6..00000000 --- a/k8s/values/prod.yaml +++ /dev/null @@ -1,7 +0,0 @@ -env: prod -environment: production -domain_name: sso.mozilla.com -namespace: sso-dashboard-prod -assume_role: -registry: -replicas: 3 diff --git a/k8s/values/staging.yaml b/k8s/values/staging.yaml deleted file mode 100644 index 03a8995d..00000000 --- a/k8s/values/staging.yaml +++ /dev/null @@ -1,7 +0,0 @@ -env: staging -environment: Development -domain_name: sso.allizom.org -namespace: sso-dashboard-staging -assume_role: -registry: -replicas: 2 From 5b9e3bac4a0599573dfbc89346e1604b2c63b602 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 10 May 2023 17:34:45 -0400 Subject: [PATCH 006/141] Relocate old ansible files --- files/dumb-init | Bin 0 -> 21752 bytes files/sso-dashboard.ini | 19 +++++++++++++++++++ files/start.sh | 3 +++ 3 files changed, 22 insertions(+) create mode 100644 files/dumb-init create mode 100644 files/sso-dashboard.ini create mode 100644 files/start.sh diff --git a/files/dumb-init b/files/dumb-init new file mode 100644 index 0000000000000000000000000000000000000000..13e0d30e02845954920b5498f0fa8717f281f767 GIT binary patch literal 21752 zcmb_^3t&{$wf31j$RvcE$U~x{9CTt3komv0&zU4p zAHDzmM`!kH?X}llYwfkxeuN!G-o;5an~?Y<33m%rT9)MERpzfC46fist8R{vEVzVB zVJwGD9ce<&WtGhI(sHwyNCiRS6*R^e%9ZdU()DJ>N}sk!+LB_mTm4qNr&REMiR#Zu zv#s`$)e)XsS<3WtZ0E_RP%@5za;EP!{_`3^XbtPB^Oj43*hYZrqs@i6C<&^}f?oyD zX`>N9#>eS`5S(KaWuRlQ)Xsv1{YwZ(SI6@%m*5N=mnH~8dlE3PoqK4EHESbAl2Z`0 zuuW|F1}d5hJte@aJj;UPeu%!iZ$xDW&9?JfKw%6{6ogoig|<7gjW3P|o{-|mb{=-d zjXac^3&&D#wMm@Xf-ckyK!V9MZb5r+J2Jh%7JDD~7ZCpGfHLtvxd8Z|0{(UyF8V+` z9ye~~6JmPA_zH5E&sg*cPM{gJ0~|BD6*KCj4#v|2JL%eG62bjtG0>hdLDB#ctp_^h zJmt|3J;d~PnD*`&Pfz&%xh{eAbQ#bJ*3)waiSc?Gs2fVq-~N*o>xGqU=F>=+Hkifq z_Zn_!$7lj;4J+5I?WBhI@yZ1J+DIjRW+loU)V`AKJk1ew4J88s)6cLjV*#`6V~2*6 zNyFI2Ca{T91>g~{=p*PeLQkpwaj@{5R}%C;>lX*!Y%Y8Uc|k0?Xe@*(HWzyNXz6Q!ycv@e z^f$rFe=Y(qo589z&Tw=$^lSv5T(%M@nRYU}xiFjhimm?%VQ3#;;|)$w<7gINR(l_P zA^4ypQ$MP`y+i2~U+C9jww)gj0jx2vxo{q#3w^H{MdiQr6CFA8T!L5sD-`c}Ff8^% zi%&1^b-9GyD*@G!gIuQrKgK(-1VOJO6NqEKG35zvdLUN)C{Xo*qrg)QJkc@`MDlDd zJiwXLn#}p(xrZcW{1}ur7d~gQ?V}+ma&Tr6p?Q;w#TjP$2gWquVS2Q=u+4;f6>z&} z6GeQ=`SU^1TnI1vYcwSEQ@;p`URVU6=S*t)!PjUZAWV9Lh5MEg3HsnbUvuGakcYAi z8k0CdQ_X=?PEg@jfMu8bt`>4k}t`)cO9xeUAA1rjBFmNpT1`1EI;EmCR7>BfEm^a6aRMHmx zX!IChoZ;relO9Z@1C@gKov_|BaLoCEt;bj}j;JA?3u>Bv%vhd^Ucs490iiRzo1i&L zV)m~&18yQv<@ca%HE2UU#QA-+#JUswWkC^BSVbh2VWoDghZL}gQ~>e$Vf9=#Eq)u& zvz`>k9B59D+hIo$Ww!$y5~w1l%BqkGO^94-Ac%a*Af4m0DqKrV2u2MAQ9>D{s~fC} z_4k?(gp)&Tp$s6JRv|4Sg?f8;6<`=d|AFxnJC^idTx|ITTD3u+*z#>;9$lynRwB!4}(Ntp`lHTn6gk*wOPgz6uV*Rh& zBmo=Q?aoJ0d=Vu~aNoHfE9*O(sXgCnpWpdUSG21$nhS6D0Pnuk|5}1XxdHmT(*=@q zfx=v0>)~sRH$fHirT!Q|aIkG?WTBJ@oGj@-!QV0rKL_ypQvU?%Y{q|}TXZW(jzr-5 zS7W_0{UYWG=PAADB`o@+cK~_rXQTs|OzL4?gpQ!;>&UCQd|2af9y$bHb{Obr z_(2lH~L5gJUFR zEL^FW3W;vDeaPb7n0&JOZcpkrJzy$&K?KCh2=nceSIH~kt33KpDGN>6Yp2%W?H+xv zM}OnD6x=b}5r!rIRc;`R&F3-SotN!s2#j@x<1687_S$17-TDVif77eKFUS7?Co~J# zftBf(OO5*JK&chZCH+uSoZ;B!=C5L^=Q|2%Ed2wIzQ@^b+~z=`HLMWw{0@*qZ^tk#Vvp?s>>G=zZ%WR>=J`^gYQ)0a z4{C)$NJ41egP=nhR{;R@!+=_Ne#CiL-1RjVa|!w(2q_KhDi~Bxb_%jfXx*=jYhD1Q z+F?@%;`?JCuwX-O^c(0IOx*^A9rm*IG<^05#^7^4TBz06GLG8Q@bpC+YANBsCLBEVv~%`Z|$ypC$8BL?^jg;Wcgv;z-vD zn~NxOQ%|Zw8GL$D-z1^&oUzDMo#424kkej?7hDiS+${LIz|MV;o!BBlFPrDg6k8`F z<9^&_D{4V)1`2ZX;7oNwb5oL_j*EBcb1yVHk~ ztjB3VLlY3o9b$avaEC=G}a$OMunuyE7MEgNh@E1-*O0 zpKh;y#%(*U-#HQWdTIuK*;CE)ZNk#f6erUkblBDL@$R0~Q&1iH=#%0LCBfP6^_`>9 zr|_Zg2`P69#sN&FH5@E+Oi?rDl{s?sBkHxW`zWWJX$|ubN?g`$i^L)_lzi?>3xG~+ zN$2zY5s;#A301T;F&?;?GAa?+3ABRoBP@a4v#5Fdowm7R>jCQFOMMvq z-35c&RTK4G)QT3Mzz|WT)mH0rMy;tNM0Aw3crayTmy$_9;AVPqYOShsjIEtJ*kzl zsUGg&q;<&31sBE8&jI7{b(;$94LSCrj47q;!*-DrlI$#3$j6W=!g3zd++-8fO#IGN z{iKe{I&Y}T<_&F0g202<6}R>)U#8Y#Jz6ZfUy~o7;c7XhjFac)sn>eq5l_4;7At!E zI=T7dLS=4IOTThwJi@dtDb~$#UL(i5+ezwfebS3ANr>%8%rx3^DIV8);}Lvg)zn`d zuWhvpN+)o7^>Lf93}atHjZM9IX|U`IcEUtL2Btb-g7E_fivXpLi{(KGUq+Tb@zfGD z7sCuC%Q|#^MRrgoQ>morNltG5h|!TE=lHR&03#Wtal$Bewj8 z3h+9atToO=_n^3IOiQ>)#4bAx5uvy%9Q`*y%RRR!8nZSX z9ur!6QSUzTPV3>Ohs9m1Y_cAfy9TdsI~0y4i@WyAwq7lo?N0B~-X2svUB}00-OcF- zo6_|(zW2E)cmD53n49(zRpHYrw#|q=X1h?9d zDfgrSQi#5apN=?>zmFM(1QUmUC<=Q*MK+{3XDAA@VDYn%hFxUZ@iVA=n(6*tHpBmP z2WbZRC1H_5#KhCTpggNM^zhgUn<2Fgtj2fqFb3hf2>L9~Ln;SbZu zzT#*{{B}ew&;a(?B2awRd+XM~mrg%wTnD0ElI|n(Vy#kW)7(;KY`k4jOz19)_VBz_Q>`eRpReIvA_LJ0heQgm4{#2bal9WBUr_ zamL%T2ybd+q(1wq`XLkEd6=8jVR&D>g!#_5-_5(z5GN!-cp$>sLEjFT2Iyg$GaM;3 zN?Q4(DM#853*P4+4$_ zm&{=}dnj0v+jt`j25{Q7D4P}R3*5r;_HpYDEs2+w#3tZ)>Uy z1iCQ!o<(ygMaXB;#TakMqA+*Ra!SL=L&+M4XfU%)|lX;R3C zF}tGHcg=G&ROm1-#w1K2h)irdqPDC;INVdTz_Ji72`CvqL??Z3r%}3IFuYtBZ#3?f zXoV?v(?Bno10m8qW;9x31sBa>1&eYKGttU`(xvakxC%o4W5$n2qQNy=V!t(U-VU6) z0d|@vB~VOKsTL?-nIj*21jigN=yZ9JW6E7(9yS7Ep4YKn%qw$j5%YfFXa=~L_Y9Ba z#k`+8p62CWJD%g|%Z@No7HV-E=V_S(R3L&U+bSV&u@f(mX692fT5^nrYmwWzhscOf zQ0~z$uPpWGAIc?6dqe`z5#<($Qera}<$4PCG<*RChB(-(pS~Y6G#yR+IMe@VtOj$z z%tOw@vDM8l1%VOP=)I=fS?eifw%ojZW;}z1isA|u-QL&BuFK=E!P~yI5`=3Y`)y3p|a_q=ime8m=Q9v9{oHKUF3|DQe2ixJP70TBVO^B zf74#%vhwJ^Yl665H+o_0WZJlV!110pvbcg^1?*MqWNj}1z*~UseIz@>dDt`Xku??% z8D7jFra|Q9VM6{u6#m6daSR|*@wV|=%W3=IkJ3ew@ zwFWb^3$q)?>AhN)oh2{K)-z(6EV$6lLbN+vYG*zn`WKAwd2m4?`tm;j#sEjh0-uMD ziJd~M_Vb{`7Z8no9uN~dgxD>g2PN);5Yr;Tr71fv{1OBgf^;v57k&AR8OjBDc%s@ z!eTf&Be+oz`hV_t5{a%j99X@Q8>_1XORWi`2uH*H^Bw(kNPhw@0~?9^9AATyT6NS?YK=Fv|V>9zPB~p{!gf2Vi6oGR&Ok8 z1i`n^uxi!FNMFWC@!oavY7Dfa-VJQ7mwp16_W!_-tR0ttrSF)rZ9-9N_@$pw!!Pke zmCjQHosA90M0aR&a)$&O;f&pS6daGohvLT9VC5KY4|13fO!}J<`8Xa&%Fhh2qNA&^ z(JU#!oM|i5WTbp9cu&bfZ$+o1}e=1Ak;2zuYboQ&aB*SYBVe7l&a=O5gt2N4z^iZ#DbqfuqO! z-uZL)(fvn{AKf2I`BV3wPe1_qNB3idDv(~~4b?d6ibMX)uED9!9t0wJJW)+S^H5*Niq6f86VE zVVbXmR)}(2@AEcdbX&>L(d~|hD#6f)$P#aBel4>S2LHjM;iEN<2m7ZukUZpW>+y!x z+n8^n<4uRdm9hKjdvLhYHiuZat#3cW`M{L^6XN%~#iBzkhgExP|BjT_^DteZ^-23& zwpslrwxxRYt*p?R&a1frdvPZ&bt_Ta6(pW zA}7idTAAt9|HASj-n@&pBkoYmjl!@VjM4$4m6pSZ@EQ2H&FDfbI}8m?=^zgSrIB}@ z5wLKK66!>A2cw}WhzTef3GztT@ah*$_`KsR4_;var!$C;oQT@rkV6xv7~`q8ei|LU zdfb~g6df3YWz^q}UqNJj(5W#;PalgaWBbP4>4f#Iaa2vwAY<+d$qKU2w;l80dr1yQ zQzroiLOQ@icCZrqfGenp4tTKU-$5?!gj|koca)G|nAVd*idCX7xul0l1KF_}2m5oh zZ-0O6kt6*l)YlX2CJt2L5Xm9)i#quw;lTIjVSPQiLe>UvbnAz_q2-rkaTyL}JOyX# zuP+Kt)5CByS~SIT4^mjcK;v0C zuQ&G7(4re(#45u^4MWPEG|=}3F2uuLpRp`7XAr8~kPOvhM!v>CO7t+P$ zy>9YiM+W61@6eRw_yGz~3kCy{J4p66rAYr>(X>PIk&|xQJ9^0_XfKn+Uml9}Yj=a6 zi&L;J&tSthMxRU^0=uP37EA#jFT#lIV|m?PTOaGXnB*-u!Nlc**nvfPOa|v(Fa#Uz zA(H~)1GjjCw>g5>wv&JL+|v$0&3(NzHp8q!6A!b3Lt@AQTbnAlk_65-FzfjY z_7t}7ttkT5da}b2T4>V-)0MPM`!nL<*oQLYh!FS8z}eQrvVKs_@<4wf0qoMkpww)7 z)~49|XTE`xvDlcSsn600S?{4ixgcDhjjg-YLCrjB#Ila2hAc20DPp4W!{*9vnkks9 zE_dF(W6`(z9>{okM0;P7ZCQ)D<6+JFkh1(yQY+by|7 z1rHQNj;AhY`eM@y*o+Q8m7rGk(Xeh za-4Ac3Y~3`9IRunVQZpBZQf@73JtZzb z81rEsbPc(UqHnkXy~pkRfV%-h#E~#b4WD2W9(&{Mac5(=T^jo+@ka zB{3b2h0X9f@?~xB4ANZ-cPR`g`h15+TyoMIs&H&$dJPUl`!oYjG1`F|r>~f3L8e30NPEd3 zdB7xa<1}7k6qppL<7j0LPuW`lPGT33x@7DEgt_= zE_9*M14o56@vc?n$j;kk|p+Ldla`S=LSOqMjT`l}2chBT%C3Jg_^k`m`Pd-ZwgUTSnhAz`al=h67sHHuli&E%crqGnnj}K;` z&26i3WXc75AH9*btT{&dU!iLxf*#=>vs)%67nhq01hFLrcSm0RmB*9kPgl}$>ygUh zk=R*}eoSs&FkQLToA*j_>v>Y-IkNs1%KGbICT47+UU$|)9m|%Rci5(@ucJG3G%3ap zEojs^(FbWTv15r%GxA}}8z%uY$pO=?^(50ANNrHiYZE(`4{<57uD4TyKM)06tH&0Br7l6SgP>?1;u)|&xs9N*gLi2| z`GIj5V;?q*%d_>nV%IRdjmT!fd$4Q#3U-YFd+<6C)!M(+(fpb;&<~np*JCb|wG;W; z#q`FEP5l{Yw;hR{Xzg$Mf%YmSv0#?i`g2T+n0Tw$`gLS6ndPuz2efEDLW9QJ(Uj~^ zXCx+*($n(Kqb6}*ViND91b;r6PhuUPgxGo)rs_O3Y6_xufu?YP?|JXb)nX^qip|DER2+{*U8!VAXkj20Ur*|o%e8&n88`_jJLz6-EFIutivpn* zK?CEh`-}8$WxTsBtQ{BUC#!Z@d*>Khy50Km>9mWI2lmis{W^6ON}*t-USbkcCdgrr}_q1V=IHqa-(M5~xY zv_9q}Cem&>A6%7pzkm_V-Ez@&{c=2l{W1~Z!G0O1>#@m2&VIR*Y7p^oEOO^Alt>%a zv(T^k{N1>l%P~aUhPuIR+yZueV!z$!myl%ZDYxi3&aep93y4lzPpNi&|=i z>cOK=Cm0Tc`5^KF%m$dfnznDNIorL&FS+29sQnVe$icfv@t@(d-R>yEYECiqv2@NM zwoS*$0PQqS6dV*E+ey&2y|F!U#Zg6HwCHd18v^4eV7RRBUHw4xc3i0pvm!C=*tkTF z9u0PZkwyA(cs`;hm-+Uxc}PWXjU(6Es^S2ZB>0bp)f$*s~R*7y#9!L?lYWn!jPy92evOh$K^II4t~dfj;G#8r4C z9O2^&w>MxEqepZlcD%3?kb0)rYM{lmoGsr4pI8vb49+bwbB05ABxyq#iioQnZTrqkf^s_guNaoc z@v%nC5&LsIlCtP>o-%%QlI8-Lx(iO#=OzHGcp?F3ga9QMyyX_XvFJAjktew;hsY+H zGXG9Gw)%U4W5>(9lKIY1yz=8H+}w{4giw4jItald5N8v7zXY?cVU35Pw5YVDBK7XInU#^ zVZET{QAF?Z1_P^c#jw5vJ(zwE)cPLWUfh$Lz>U0Qj%^J#d|GXU5spHFh!^M4O@?)V zO*a`76@exbGZ52thGeC4tTdNW(QORh5NMzeyO5oGXwC`lB;I?v&iAC@Ao9FAHFg`l zM-+FZ6`T=Ueh(bjbK979!bTtvb?agE9bDvC@4aw;Lf5Jky-=5ZV#~iH>-FtpFWRgR zj>x<4LMN>OJFhVNQkv(*X6xh8BW&QHC+`*Sv_5ZZuUh2U9Un43u^Y^HVrG}6p-kB0 zgKSzaf#DS31kMe5@P!k8ixWWmeNMA7orRXznC)UrH0OcS+_0_SEbT@PBEVKpMehbI z4%W}%jCK$x?DZ1|dJr%QO6D`z#hZEcLp(NPUD4!o>_>1LO6oK51M0_-o$tqqBkhT~ z0muU+;xG3x?Lu}v;#s#iXmHs?$#o<^N}?5UDlZ(+v|Ic1(P9|*FC!v!oWKX59E_K=ovWZb>fKT5X-yB1`e@l zc;Cwu?YzVF*pcebWdE<#kS|Iw5wg zDQEPz@hT;?;Ea0qN!*RlTV%nQK>W6$F!I)ypD`EbK6rw;*uDsSwr)(r{5rmvZ-lBdo{XK6gV~t<2eDLo*pYHZj^m8w$Zu&ZuW!HnGG&5k z1%2xEMRYBUbKBRfVWSjm92Zk##}hp483VJh6Hl zdl3YhchS=_BJE!UG^j6W-@-Gn4aS!-4cu8!Iy|ujq-6 z0X(fjrq467v86I^tey1Q>to4$&VzSXR*r?X<+oGxDyHIqYEeGx(FReX2W@n(jW>j= zrb$qCeNZXEo$(2D18%(2zVSZPvz{~?pjq%vCzV1iX?@sXuz`Ly4f=VE%_z*HdL4iK zp+5qZo-`gs<9c%Tw3JHmqUPJch;1m&6IrkkXEe)m5dz>O7Dnn8cMvx^3pJZj zk{!b)VlWK{uYC-$bMg`?)<;*<*e~LOHn|jrF7JaDI^)5buI?KEtd+R7}$gb}j_f2@36;R_9{kV_X2l})b zO%JV$-NwD55OeS$#TO1K*T20GC4iA&I_|P-rhw2jL$xwk7SP z=ghaG$y9O;8+4c~lyOYKr^)N1n`q;%@yX(EgrZ-ERIS6fKN6qh4wx>1SViw!u(en+ z#~Z9eR0?%rxLL*;E_2NByxCE7mrF2a(^~Weno2yr*EpxS zg*?$Y5txnB{KBor_zSrybi?*`kMq1iMy$BtNtY2B%<EvByDws3e|#u#IPfY0uj6ez;fC z(_m@vNMH#9`X$)_f>B;ViUlR0CrL|kVJI<|B_KNzT}j;0hdPr0+5WEpg2jNPzKiMi z*`qju#yb-IBU*LF`zYX&1}7-nD2BpIkoa+O##l;RZN!$B(Onzb(U{_DyDPGDD2`~g z@p}D?_Wpvd!7BUZ2DtD@IC;O@|VX z73uXA^b=NLajErs3Uh8sHU6CxWB5hWs144j7hU7|?d>sum8{`0Nc=clnfbtJGQZTg z@mJSLIBn?1!zu(a-yw0*BPhJ;DV&BDLqp9P6rPxjcX|ydB>v!%#P%7VH5KaS4Ku52 ztCh9V;=20A^7;yYg%qgXSX*8rO|OuYI>}d6T~kr-ubq_vJfq?7_51wQ4Wq$12p?@U zoNS_y8mpBmsl?+Zy#A(Y1wDBc<)wg9uBZVtnK(YLe`9$-QvCIst82>%&xWldH2)o) zi)aE@j5soww4|=CV#8K{g7VSh-mBKuR@ZKns%xcyUkOxKNSo^_{I^MgI;qlR6}6Un zmXww)F9B3Q@t0fVU%{tkb&6E~58+a({8C+g^+wF9CNZJh=@oei>aOH}sT$bgudN^= z0{)sxsY3OWyvoY%xB8;nuz010>4BAj@{Rtv()56|rf!Q;U01tS^3`qLTwYrttyxoE zzj3WJYu2o_85tv;ssmCvkZs;l4tDV6-z~Rz2B!;dQSYTh0M!qw@P)DQnkY8?}Mny`HVov%myO9!C$|j zF5pklRZ?GFtAJG-)Q!*p(mSZx=5i7g@hzZK`0MNWOlDS5_bPwQmPB8qW_Lar-m)3O zg1kY7sr+WoRo1`(!fJgIJ^hkTt;b4NBv8fyM*3zfR%>b`j+m69p}e}Ld;_!sT!PRf z=s}gDYzfSrJ$oaTxw>H%G;8+#pm6rEHj(}K1Qi5}H`bSLmPi8wYctB~w~~fh(*p;j zN*YHSQ*6xdSUNGoHMb;Jn6Oq=Bs?(-~$ky$2ti`==U<;oLC5W;BX7c6C> zltedzfmXgSqpD$*PjIg+UbxP)%u}|`U9@oJ62UpDrnIQ66o0y#e}(C?CInf+0w~1) z(G#B@AY+mtR6$K@{Oip1FU+p+H_Wbu%s#{I3^#ddYWy3qwl{25{IFtQQT??(zu>Oh z3{xP1jdk_Hz5ak&qwp0~@844I4?salFapW5TvC*+LJ4_-0N2jAYv4Qv%WweVi`>K1Zd zfvxZyny+xvAg@kUt^}@B1K=d9 z3z(+8uCaEwpw`y=%Y9W`JaPr12KWmI5*>tv^>v&4wbGVqaLhA%xh33$Jghl@ujOVp zVPQ?3ZGAp^EbgiksvwKi<D3os9yrHh9+Q*rUs=6&)KWfW2lgqV$%8-FGh0%vw=EL&ITQa~* zIVEs~zWVAdN?rXZGb$`BueiFI^vd*W36&(E1beu8@}Ws1h2gPD3j)-Y*f)BFVa=+5 zig4aG)~Se#>U=QzLMg&8zqQ7Eb+92^geCRR1EDNdYfVL> zwZ?-5a?_@?5?%-kfr0?Y&|EYgEL5esvKnaXu|N<;3U0n^OxFo-2Tj^c6X6SOWC2)E zq?@Ff)*>^(1Ek7)l?4PZ7$H?5(AeOIGy;Ci31gJh*C} zn#tlOY)t?>^(!DW07qb&7fT)^8d_|*-4WRgkJ*T*W+R_Iw;&d_;b!9A$ULv8M$83k zKrAigB$!C3!$=FQg^|*5_sa6kWJ9imO{~pNYUGB%Vv~>nyppzMex(sEkw&v^go?V9pDI-k?@iLLE$7I>HER#)vu)B9h4(;Q~=LQn{$Smd_G_mQ-E| z`-(`N4DQ=Thj_y-@xPTRn|AYc<7`RE*W5ED zGdpGMjpJ|nVpVP3malA(QpboBCQiEEer;N=V{%Sh{ST~paP33u)|dM#{FNK4AKp|`A5gYFvTeH{2Lk?j?i?x+>G>=8t|8ZS_{dk} zWe9VnYRh?>n~Av+s?2O+HNgHL*0)S5+GneQ`q{8O5!E=a!fq;SgC5I>{heB+DfB&SC$j) zSEmX1|KDlaRrGus{x`mOC7quJ_j&b+c_rZPwdUWHYvNC|U!5l46L5+0)oGiBug0SH zE(>qxr_lestN0(b;IGD;nE!SQ&o8b@pRmgRVx|AvVb14jxP0gBU%KPYFW)t%Kwh}W zU9?!Z>N7#e5GG8Z%R3>}Y@%~{{KH(DV}&u)$Lg5? zrW6q72bjlE`#1rA(3(!w>C`yfo`4%pGlz2m{%J6L_)of7jbAe}3TQaX&-kp8h%|+M zgmkkSzoXkNFe{-~m5C4j=^a7fKj~&Qe(^t@l1`jRzn}cMqMbAEli`MIM{@wo5r{*e z)~x=Ya%g7$>KXZ~rTo=1^P6VmH%a+T0=D6TXW3$5nY>J>Ew2@32{UJ4z78p_48r&}Q@J>IQ|&U|YW?7_ls?T1Ts)=hwnXm#CB^A>7zgEHyj>4N z0mHc33FFi>jN{rcm>I^NI}CjbL-=9vDGdIEA>A-U8iuUG5KtJJ7={$WlkmmWVt6vX zxG4!=hwt_H-hl5Ed~d`Tf7BYracdZ~{t9!6VEhQik6`==#*bk92*!_K{0PR6VEhQi zk6`==#y^7bBN#sdb;NVAO!Uu0|4j7HJVNtN=!xx-dj(rlw(W+@H2aen2;=jw^y_$> zFG4vhTT9xQk!5FNmuK09JJ3#dTqS7F0YSpTtn4R}pC(Buqma;f2KdCVzOF|8L zF3hsuV=hq|Pr-N23-LJSIsCZ|xhL>-pvk}n z>gfAfpU?BJpVgPzETi{#VAtK{`n$T%s#s~k&$iMtE7pG&I85T-eR#a^ceVf1idlgw z>@9HMAk3mua$%N&J*6Gv$duOJMZpYCRx3J-YuHtN$6RQ#JiD|ESN^E&w*-ivIKu z4btcSxjgyY@nK7N|AZWyt^Unc|0fcLz(i+JXBCi4zp8)sau;vRUd|KYq?ru=!X91m znT--`(FmO->&^BOGr1c6>he5*!Hy00r+?#zKK6gG{}R9w{}Xbee>8|b+5cdFFJMRa zcUk>iR{!-^3EV}JBgA{jk)qK?u;|NBN)B7YS* G!v6(=-J-+* literal 0 HcmV?d00001 diff --git a/files/sso-dashboard.ini b/files/sso-dashboard.ini new file mode 100644 index 00000000..8b7a07ba --- /dev/null +++ b/files/sso-dashboard.ini @@ -0,0 +1,19 @@ +[sso-dashboard] + +debug=False +testing=False +csrf_enabled=True +permanent_session=True +permanent_session_lifetime=86400 +session_cookie_httponly=True +logger_name=sso-dashboard +preferred_url_scheme=https + +#Optional secret values +#oidc_domain=auth-dev.mozilla.auth0.com +#oidc_client_id=redacted +#oidc_client_secret=redacted + +#Ops features +enable_prometheus_monitoring=False +prometheus_monitoring_port=9000 diff --git a/files/start.sh b/files/start.sh new file mode 100644 index 00000000..61cf89ab --- /dev/null +++ b/files/start.sh @@ -0,0 +1,3 @@ +#!/bin/bash +python3 -m gunicorn.app.wsgiapp dashboard.app:app --worker-class gevent --bind 0.0.0.0:8000 --workers=${DASHBOARD_GUNICORN_WORKERS:-5} --reload & +nginx -c /etc/nginx/nginx.conf -g "daemon off;" From 30ea743e01342f2abf887f6ffda6f34ae209100a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 15:39:31 -0400 Subject: [PATCH 007/141] Remove aws logging --- dashboard/logging.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/dashboard/logging.yml b/dashboard/logging.yml index f3c5ff5f..d0920d28 100644 --- a/dashboard/logging.yml +++ b/dashboard/logging.yml @@ -11,20 +11,12 @@ handlers: level: DEBUG formatter: plaintext stream: ext://sys.stdout - watchtower: - formatter: json - level: INFO - (): watchtower.CloudWatchLogHandler - log_group: sso-dashboard - stream_name: flask - send_interval: 1 - create_log_group: False loggers: sso-dashboard: - handlers: [console, watchtower] + handlers: [console] __main__: - handlers: [console, watchtower] + handlers: [console] root: - handlers: [console, watchtower] + handlers: [console] requests: - handlers: [console, watchtower] + handlers: [console] From a3a03800975a51a09d584b24a27b3c1e8827b94a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 15:43:37 -0400 Subject: [PATCH 008/141] Redo Dockerfile --- Dockerfile | 50 ++++++++++++++++-------------------------------- files/dumb-init | Bin 21752 -> 0 bytes files/start.sh | 3 +-- 3 files changed, 17 insertions(+), 36 deletions(-) delete mode 100644 files/dumb-init diff --git a/Dockerfile b/Dockerfile index 770025d7..4264ccbd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,39 +1,21 @@ -FROM centos:7 +FROM python:3.7-bullseye -RUN yum update -y -RUN yum install epel-release -y && yum update -y -RUN yum install nginx python36 python36-devel python36-pip -y -COPY ./ansible/roles/dashboard/files/dumb-init /usr/bin/dumb-init -RUN chmod 775 /usr/bin/dumb-init -RUN yum install gcc \ - libffi-devel \ - \ openssl openssl-devel \ - curl-devel -y -COPY ./ansible/roles/dashboard/files/nginx/nginx.conf /etc/nginx/nginx.conf -COPY ./ansible/roles/dashboard/files/nginx/start.sh /usr/bin/start.sh -RUN chmod 775 /usr/bin/start.sh -COPY ./ansible/roles/dashboard/files/sso-dashboard.ini /etc/dashboard.ini -RUN chmod 775 /etc/dashboard.ini -RUN yum install git -y -RUN yum install rubygem-sass -y -RUN pip3 install --upgrade setuptools-rust pip -RUN pip3 install credstash -RUN useradd -ms /bin/bash flaskuser -RUN mkdir /dashboard -RUN chown -R flaskuser /dashboard -COPY requirements.txt /dashboard/requirements.txt +RUN apt update && apt install -y ruby-sass \ + && rm -rf /var/lib/apt/lists/* +COPY ./files/start.sh /start.sh +RUN chmod 755 /start.sh +COPY ./files/sso-dashboard.ini /dashboard.ini +RUN chmod 644 /dashboard.ini RUN pip3 install --upgrade pip +COPY ./requirements.txt /dashboard/ RUN pip3 install -r /dashboard/requirements.txt -COPY ./dashboard/ /dashboard/ -RUN rm /dashboard/static/css/gen/all.css 2& > /dev/null -RUN rm /dashboard/static/js/gen/packed.js 2& > /dev/null -RUN rm /dashboard/data/apps.yml-etag 2& > /dev/null -RUN mkdir -p /dashboard/static/img/logos -RUN chmod 750 -R /dashboard -RUN useradd -ms /bin/bash flaskapp -RUN chown -R flaskapp:nginx /dashboard RUN pip3 install pyOpenSSL==17.3.0 --upgrade RUN pip3 install cryptography==2.0 --upgrade -RUN pip3 install flake8 --upgrade -# RUN pip3 install git+git://github.com/mozilla-iam/pyoidc.git@fix_updated_at#egg=pyoidc -ENTRYPOINT [ "dumb-init", "/usr/bin/start.sh" ] +COPY ./dashboard/ /dashboard/ +RUN chmod 750 -R /dashboard +RUN rm /dashboard/static/css/gen/all.css \ + /dashboard/static/js/gen/packed.js \ + /dashboard/data/apps.yml-etag 2& > /dev/null +RUN mkdir -p /dashboard/static/img/logos + +ENTRYPOINT ["/start.sh"] diff --git a/files/dumb-init b/files/dumb-init deleted file mode 100644 index 13e0d30e02845954920b5498f0fa8717f281f767..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21752 zcmb_^3t&{$wf31j$RvcE$U~x{9CTt3komv0&zU4p zAHDzmM`!kH?X}llYwfkxeuN!G-o;5an~?Y<33m%rT9)MERpzfC46fist8R{vEVzVB zVJwGD9ce<&WtGhI(sHwyNCiRS6*R^e%9ZdU()DJ>N}sk!+LB_mTm4qNr&REMiR#Zu zv#s`$)e)XsS<3WtZ0E_RP%@5za;EP!{_`3^XbtPB^Oj43*hYZrqs@i6C<&^}f?oyD zX`>N9#>eS`5S(KaWuRlQ)Xsv1{YwZ(SI6@%m*5N=mnH~8dlE3PoqK4EHESbAl2Z`0 zuuW|F1}d5hJte@aJj;UPeu%!iZ$xDW&9?JfKw%6{6ogoig|<7gjW3P|o{-|mb{=-d zjXac^3&&D#wMm@Xf-ckyK!V9MZb5r+J2Jh%7JDD~7ZCpGfHLtvxd8Z|0{(UyF8V+` z9ye~~6JmPA_zH5E&sg*cPM{gJ0~|BD6*KCj4#v|2JL%eG62bjtG0>hdLDB#ctp_^h zJmt|3J;d~PnD*`&Pfz&%xh{eAbQ#bJ*3)waiSc?Gs2fVq-~N*o>xGqU=F>=+Hkifq z_Zn_!$7lj;4J+5I?WBhI@yZ1J+DIjRW+loU)V`AKJk1ew4J88s)6cLjV*#`6V~2*6 zNyFI2Ca{T91>g~{=p*PeLQkpwaj@{5R}%C;>lX*!Y%Y8Uc|k0?Xe@*(HWzyNXz6Q!ycv@e z^f$rFe=Y(qo589z&Tw=$^lSv5T(%M@nRYU}xiFjhimm?%VQ3#;;|)$w<7gINR(l_P zA^4ypQ$MP`y+i2~U+C9jww)gj0jx2vxo{q#3w^H{MdiQr6CFA8T!L5sD-`c}Ff8^% zi%&1^b-9GyD*@G!gIuQrKgK(-1VOJO6NqEKG35zvdLUN)C{Xo*qrg)QJkc@`MDlDd zJiwXLn#}p(xrZcW{1}ur7d~gQ?V}+ma&Tr6p?Q;w#TjP$2gWquVS2Q=u+4;f6>z&} z6GeQ=`SU^1TnI1vYcwSEQ@;p`URVU6=S*t)!PjUZAWV9Lh5MEg3HsnbUvuGakcYAi z8k0CdQ_X=?PEg@jfMu8bt`>4k}t`)cO9xeUAA1rjBFmNpT1`1EI;EmCR7>BfEm^a6aRMHmx zX!IChoZ;relO9Z@1C@gKov_|BaLoCEt;bj}j;JA?3u>Bv%vhd^Ucs490iiRzo1i&L zV)m~&18yQv<@ca%HE2UU#QA-+#JUswWkC^BSVbh2VWoDghZL}gQ~>e$Vf9=#Eq)u& zvz`>k9B59D+hIo$Ww!$y5~w1l%BqkGO^94-Ac%a*Af4m0DqKrV2u2MAQ9>D{s~fC} z_4k?(gp)&Tp$s6JRv|4Sg?f8;6<`=d|AFxnJC^idTx|ITTD3u+*z#>;9$lynRwB!4}(Ntp`lHTn6gk*wOPgz6uV*Rh& zBmo=Q?aoJ0d=Vu~aNoHfE9*O(sXgCnpWpdUSG21$nhS6D0Pnuk|5}1XxdHmT(*=@q zfx=v0>)~sRH$fHirT!Q|aIkG?WTBJ@oGj@-!QV0rKL_ypQvU?%Y{q|}TXZW(jzr-5 zS7W_0{UYWG=PAADB`o@+cK~_rXQTs|OzL4?gpQ!;>&UCQd|2af9y$bHb{Obr z_(2lH~L5gJUFR zEL^FW3W;vDeaPb7n0&JOZcpkrJzy$&K?KCh2=nceSIH~kt33KpDGN>6Yp2%W?H+xv zM}OnD6x=b}5r!rIRc;`R&F3-SotN!s2#j@x<1687_S$17-TDVif77eKFUS7?Co~J# zftBf(OO5*JK&chZCH+uSoZ;B!=C5L^=Q|2%Ed2wIzQ@^b+~z=`HLMWw{0@*qZ^tk#Vvp?s>>G=zZ%WR>=J`^gYQ)0a z4{C)$NJ41egP=nhR{;R@!+=_Ne#CiL-1RjVa|!w(2q_KhDi~Bxb_%jfXx*=jYhD1Q z+F?@%;`?JCuwX-O^c(0IOx*^A9rm*IG<^05#^7^4TBz06GLG8Q@bpC+YANBsCLBEVv~%`Z|$ypC$8BL?^jg;Wcgv;z-vD zn~NxOQ%|Zw8GL$D-z1^&oUzDMo#424kkej?7hDiS+${LIz|MV;o!BBlFPrDg6k8`F z<9^&_D{4V)1`2ZX;7oNwb5oL_j*EBcb1yVHk~ ztjB3VLlY3o9b$avaEC=G}a$OMunuyE7MEgNh@E1-*O0 zpKh;y#%(*U-#HQWdTIuK*;CE)ZNk#f6erUkblBDL@$R0~Q&1iH=#%0LCBfP6^_`>9 zr|_Zg2`P69#sN&FH5@E+Oi?rDl{s?sBkHxW`zWWJX$|ubN?g`$i^L)_lzi?>3xG~+ zN$2zY5s;#A301T;F&?;?GAa?+3ABRoBP@a4v#5Fdowm7R>jCQFOMMvq z-35c&RTK4G)QT3Mzz|WT)mH0rMy;tNM0Aw3crayTmy$_9;AVPqYOShsjIEtJ*kzl zsUGg&q;<&31sBE8&jI7{b(;$94LSCrj47q;!*-DrlI$#3$j6W=!g3zd++-8fO#IGN z{iKe{I&Y}T<_&F0g202<6}R>)U#8Y#Jz6ZfUy~o7;c7XhjFac)sn>eq5l_4;7At!E zI=T7dLS=4IOTThwJi@dtDb~$#UL(i5+ezwfebS3ANr>%8%rx3^DIV8);}Lvg)zn`d zuWhvpN+)o7^>Lf93}atHjZM9IX|U`IcEUtL2Btb-g7E_fivXpLi{(KGUq+Tb@zfGD z7sCuC%Q|#^MRrgoQ>morNltG5h|!TE=lHR&03#Wtal$Bewj8 z3h+9atToO=_n^3IOiQ>)#4bAx5uvy%9Q`*y%RRR!8nZSX z9ur!6QSUzTPV3>Ohs9m1Y_cAfy9TdsI~0y4i@WyAwq7lo?N0B~-X2svUB}00-OcF- zo6_|(zW2E)cmD53n49(zRpHYrw#|q=X1h?9d zDfgrSQi#5apN=?>zmFM(1QUmUC<=Q*MK+{3XDAA@VDYn%hFxUZ@iVA=n(6*tHpBmP z2WbZRC1H_5#KhCTpggNM^zhgUn<2Fgtj2fqFb3hf2>L9~Ln;SbZu zzT#*{{B}ew&;a(?B2awRd+XM~mrg%wTnD0ElI|n(Vy#kW)7(;KY`k4jOz19)_VBz_Q>`eRpReIvA_LJ0heQgm4{#2bal9WBUr_ zamL%T2ybd+q(1wq`XLkEd6=8jVR&D>g!#_5-_5(z5GN!-cp$>sLEjFT2Iyg$GaM;3 zN?Q4(DM#853*P4+4$_ zm&{=}dnj0v+jt`j25{Q7D4P}R3*5r;_HpYDEs2+w#3tZ)>Uy z1iCQ!o<(ygMaXB;#TakMqA+*Ra!SL=L&+M4XfU%)|lX;R3C zF}tGHcg=G&ROm1-#w1K2h)irdqPDC;INVdTz_Ji72`CvqL??Z3r%}3IFuYtBZ#3?f zXoV?v(?Bno10m8qW;9x31sBa>1&eYKGttU`(xvakxC%o4W5$n2qQNy=V!t(U-VU6) z0d|@vB~VOKsTL?-nIj*21jigN=yZ9JW6E7(9yS7Ep4YKn%qw$j5%YfFXa=~L_Y9Ba z#k`+8p62CWJD%g|%Z@No7HV-E=V_S(R3L&U+bSV&u@f(mX692fT5^nrYmwWzhscOf zQ0~z$uPpWGAIc?6dqe`z5#<($Qera}<$4PCG<*RChB(-(pS~Y6G#yR+IMe@VtOj$z z%tOw@vDM8l1%VOP=)I=fS?eifw%ojZW;}z1isA|u-QL&BuFK=E!P~yI5`=3Y`)y3p|a_q=ime8m=Q9v9{oHKUF3|DQe2ixJP70TBVO^B zf74#%vhwJ^Yl665H+o_0WZJlV!110pvbcg^1?*MqWNj}1z*~UseIz@>dDt`Xku??% z8D7jFra|Q9VM6{u6#m6daSR|*@wV|=%W3=IkJ3ew@ zwFWb^3$q)?>AhN)oh2{K)-z(6EV$6lLbN+vYG*zn`WKAwd2m4?`tm;j#sEjh0-uMD ziJd~M_Vb{`7Z8no9uN~dgxD>g2PN);5Yr;Tr71fv{1OBgf^;v57k&AR8OjBDc%s@ z!eTf&Be+oz`hV_t5{a%j99X@Q8>_1XORWi`2uH*H^Bw(kNPhw@0~?9^9AATyT6NS?YK=Fv|V>9zPB~p{!gf2Vi6oGR&Ok8 z1i`n^uxi!FNMFWC@!oavY7Dfa-VJQ7mwp16_W!_-tR0ttrSF)rZ9-9N_@$pw!!Pke zmCjQHosA90M0aR&a)$&O;f&pS6daGohvLT9VC5KY4|13fO!}J<`8Xa&%Fhh2qNA&^ z(JU#!oM|i5WTbp9cu&bfZ$+o1}e=1Ak;2zuYboQ&aB*SYBVe7l&a=O5gt2N4z^iZ#DbqfuqO! z-uZL)(fvn{AKf2I`BV3wPe1_qNB3idDv(~~4b?d6ibMX)uED9!9t0wJJW)+S^H5*Niq6f86VE zVVbXmR)}(2@AEcdbX&>L(d~|hD#6f)$P#aBel4>S2LHjM;iEN<2m7ZukUZpW>+y!x z+n8^n<4uRdm9hKjdvLhYHiuZat#3cW`M{L^6XN%~#iBzkhgExP|BjT_^DteZ^-23& zwpslrwxxRYt*p?R&a1frdvPZ&bt_Ta6(pW zA}7idTAAt9|HASj-n@&pBkoYmjl!@VjM4$4m6pSZ@EQ2H&FDfbI}8m?=^zgSrIB}@ z5wLKK66!>A2cw}WhzTef3GztT@ah*$_`KsR4_;var!$C;oQT@rkV6xv7~`q8ei|LU zdfb~g6df3YWz^q}UqNJj(5W#;PalgaWBbP4>4f#Iaa2vwAY<+d$qKU2w;l80dr1yQ zQzroiLOQ@icCZrqfGenp4tTKU-$5?!gj|koca)G|nAVd*idCX7xul0l1KF_}2m5oh zZ-0O6kt6*l)YlX2CJt2L5Xm9)i#quw;lTIjVSPQiLe>UvbnAz_q2-rkaTyL}JOyX# zuP+Kt)5CByS~SIT4^mjcK;v0C zuQ&G7(4re(#45u^4MWPEG|=}3F2uuLpRp`7XAr8~kPOvhM!v>CO7t+P$ zy>9YiM+W61@6eRw_yGz~3kCy{J4p66rAYr>(X>PIk&|xQJ9^0_XfKn+Uml9}Yj=a6 zi&L;J&tSthMxRU^0=uP37EA#jFT#lIV|m?PTOaGXnB*-u!Nlc**nvfPOa|v(Fa#Uz zA(H~)1GjjCw>g5>wv&JL+|v$0&3(NzHp8q!6A!b3Lt@AQTbnAlk_65-FzfjY z_7t}7ttkT5da}b2T4>V-)0MPM`!nL<*oQLYh!FS8z}eQrvVKs_@<4wf0qoMkpww)7 z)~49|XTE`xvDlcSsn600S?{4ixgcDhjjg-YLCrjB#Ila2hAc20DPp4W!{*9vnkks9 zE_dF(W6`(z9>{okM0;P7ZCQ)D<6+JFkh1(yQY+by|7 z1rHQNj;AhY`eM@y*o+Q8m7rGk(Xeh za-4Ac3Y~3`9IRunVQZpBZQf@73JtZzb z81rEsbPc(UqHnkXy~pkRfV%-h#E~#b4WD2W9(&{Mac5(=T^jo+@ka zB{3b2h0X9f@?~xB4ANZ-cPR`g`h15+TyoMIs&H&$dJPUl`!oYjG1`F|r>~f3L8e30NPEd3 zdB7xa<1}7k6qppL<7j0LPuW`lPGT33x@7DEgt_= zE_9*M14o56@vc?n$j;kk|p+Ldla`S=LSOqMjT`l}2chBT%C3Jg_^k`m`Pd-ZwgUTSnhAz`al=h67sHHuli&E%crqGnnj}K;` z&26i3WXc75AH9*btT{&dU!iLxf*#=>vs)%67nhq01hFLrcSm0RmB*9kPgl}$>ygUh zk=R*}eoSs&FkQLToA*j_>v>Y-IkNs1%KGbICT47+UU$|)9m|%Rci5(@ucJG3G%3ap zEojs^(FbWTv15r%GxA}}8z%uY$pO=?^(50ANNrHiYZE(`4{<57uD4TyKM)06tH&0Br7l6SgP>?1;u)|&xs9N*gLi2| z`GIj5V;?q*%d_>nV%IRdjmT!fd$4Q#3U-YFd+<6C)!M(+(fpb;&<~np*JCb|wG;W; z#q`FEP5l{Yw;hR{Xzg$Mf%YmSv0#?i`g2T+n0Tw$`gLS6ndPuz2efEDLW9QJ(Uj~^ zXCx+*($n(Kqb6}*ViND91b;r6PhuUPgxGo)rs_O3Y6_xufu?YP?|JXb)nX^qip|DER2+{*U8!VAXkj20Ur*|o%e8&n88`_jJLz6-EFIutivpn* zK?CEh`-}8$WxTsBtQ{BUC#!Z@d*>Khy50Km>9mWI2lmis{W^6ON}*t-USbkcCdgrr}_q1V=IHqa-(M5~xY zv_9q}Cem&>A6%7pzkm_V-Ez@&{c=2l{W1~Z!G0O1>#@m2&VIR*Y7p^oEOO^Alt>%a zv(T^k{N1>l%P~aUhPuIR+yZueV!z$!myl%ZDYxi3&aep93y4lzPpNi&|=i z>cOK=Cm0Tc`5^KF%m$dfnznDNIorL&FS+29sQnVe$icfv@t@(d-R>yEYECiqv2@NM zwoS*$0PQqS6dV*E+ey&2y|F!U#Zg6HwCHd18v^4eV7RRBUHw4xc3i0pvm!C=*tkTF z9u0PZkwyA(cs`;hm-+Uxc}PWXjU(6Es^S2ZB>0bp)f$*s~R*7y#9!L?lYWn!jPy92evOh$K^II4t~dfj;G#8r4C z9O2^&w>MxEqepZlcD%3?kb0)rYM{lmoGsr4pI8vb49+bwbB05ABxyq#iioQnZTrqkf^s_guNaoc z@v%nC5&LsIlCtP>o-%%QlI8-Lx(iO#=OzHGcp?F3ga9QMyyX_XvFJAjktew;hsY+H zGXG9Gw)%U4W5>(9lKIY1yz=8H+}w{4giw4jItald5N8v7zXY?cVU35Pw5YVDBK7XInU#^ zVZET{QAF?Z1_P^c#jw5vJ(zwE)cPLWUfh$Lz>U0Qj%^J#d|GXU5spHFh!^M4O@?)V zO*a`76@exbGZ52thGeC4tTdNW(QORh5NMzeyO5oGXwC`lB;I?v&iAC@Ao9FAHFg`l zM-+FZ6`T=Ueh(bjbK979!bTtvb?agE9bDvC@4aw;Lf5Jky-=5ZV#~iH>-FtpFWRgR zj>x<4LMN>OJFhVNQkv(*X6xh8BW&QHC+`*Sv_5ZZuUh2U9Un43u^Y^HVrG}6p-kB0 zgKSzaf#DS31kMe5@P!k8ixWWmeNMA7orRXznC)UrH0OcS+_0_SEbT@PBEVKpMehbI z4%W}%jCK$x?DZ1|dJr%QO6D`z#hZEcLp(NPUD4!o>_>1LO6oK51M0_-o$tqqBkhT~ z0muU+;xG3x?Lu}v;#s#iXmHs?$#o<^N}?5UDlZ(+v|Ic1(P9|*FC!v!oWKX59E_K=ovWZb>fKT5X-yB1`e@l zc;Cwu?YzVF*pcebWdE<#kS|Iw5wg zDQEPz@hT;?;Ea0qN!*RlTV%nQK>W6$F!I)ypD`EbK6rw;*uDsSwr)(r{5rmvZ-lBdo{XK6gV~t<2eDLo*pYHZj^m8w$Zu&ZuW!HnGG&5k z1%2xEMRYBUbKBRfVWSjm92Zk##}hp483VJh6Hl zdl3YhchS=_BJE!UG^j6W-@-Gn4aS!-4cu8!Iy|ujq-6 z0X(fjrq467v86I^tey1Q>to4$&VzSXR*r?X<+oGxDyHIqYEeGx(FReX2W@n(jW>j= zrb$qCeNZXEo$(2D18%(2zVSZPvz{~?pjq%vCzV1iX?@sXuz`Ly4f=VE%_z*HdL4iK zp+5qZo-`gs<9c%Tw3JHmqUPJch;1m&6IrkkXEe)m5dz>O7Dnn8cMvx^3pJZj zk{!b)VlWK{uYC-$bMg`?)<;*<*e~LOHn|jrF7JaDI^)5buI?KEtd+R7}$gb}j_f2@36;R_9{kV_X2l})b zO%JV$-NwD55OeS$#TO1K*T20GC4iA&I_|P-rhw2jL$xwk7SP z=ghaG$y9O;8+4c~lyOYKr^)N1n`q;%@yX(EgrZ-ERIS6fKN6qh4wx>1SViw!u(en+ z#~Z9eR0?%rxLL*;E_2NByxCE7mrF2a(^~Weno2yr*EpxS zg*?$Y5txnB{KBor_zSrybi?*`kMq1iMy$BtNtY2B%<EvByDws3e|#u#IPfY0uj6ez;fC z(_m@vNMH#9`X$)_f>B;ViUlR0CrL|kVJI<|B_KNzT}j;0hdPr0+5WEpg2jNPzKiMi z*`qju#yb-IBU*LF`zYX&1}7-nD2BpIkoa+O##l;RZN!$B(Onzb(U{_DyDPGDD2`~g z@p}D?_Wpvd!7BUZ2DtD@IC;O@|VX z73uXA^b=NLajErs3Uh8sHU6CxWB5hWs144j7hU7|?d>sum8{`0Nc=clnfbtJGQZTg z@mJSLIBn?1!zu(a-yw0*BPhJ;DV&BDLqp9P6rPxjcX|ydB>v!%#P%7VH5KaS4Ku52 ztCh9V;=20A^7;yYg%qgXSX*8rO|OuYI>}d6T~kr-ubq_vJfq?7_51wQ4Wq$12p?@U zoNS_y8mpBmsl?+Zy#A(Y1wDBc<)wg9uBZVtnK(YLe`9$-QvCIst82>%&xWldH2)o) zi)aE@j5soww4|=CV#8K{g7VSh-mBKuR@ZKns%xcyUkOxKNSo^_{I^MgI;qlR6}6Un zmXww)F9B3Q@t0fVU%{tkb&6E~58+a({8C+g^+wF9CNZJh=@oei>aOH}sT$bgudN^= z0{)sxsY3OWyvoY%xB8;nuz010>4BAj@{Rtv()56|rf!Q;U01tS^3`qLTwYrttyxoE zzj3WJYu2o_85tv;ssmCvkZs;l4tDV6-z~Rz2B!;dQSYTh0M!qw@P)DQnkY8?}Mny`HVov%myO9!C$|j zF5pklRZ?GFtAJG-)Q!*p(mSZx=5i7g@hzZK`0MNWOlDS5_bPwQmPB8qW_Lar-m)3O zg1kY7sr+WoRo1`(!fJgIJ^hkTt;b4NBv8fyM*3zfR%>b`j+m69p}e}Ld;_!sT!PRf z=s}gDYzfSrJ$oaTxw>H%G;8+#pm6rEHj(}K1Qi5}H`bSLmPi8wYctB~w~~fh(*p;j zN*YHSQ*6xdSUNGoHMb;Jn6Oq=Bs?(-~$ky$2ti`==U<;oLC5W;BX7c6C> zltedzfmXgSqpD$*PjIg+UbxP)%u}|`U9@oJ62UpDrnIQ66o0y#e}(C?CInf+0w~1) z(G#B@AY+mtR6$K@{Oip1FU+p+H_Wbu%s#{I3^#ddYWy3qwl{25{IFtQQT??(zu>Oh z3{xP1jdk_Hz5ak&qwp0~@844I4?salFapW5TvC*+LJ4_-0N2jAYv4Qv%WweVi`>K1Zd zfvxZyny+xvAg@kUt^}@B1K=d9 z3z(+8uCaEwpw`y=%Y9W`JaPr12KWmI5*>tv^>v&4wbGVqaLhA%xh33$Jghl@ujOVp zVPQ?3ZGAp^EbgiksvwKi<D3os9yrHh9+Q*rUs=6&)KWfW2lgqV$%8-FGh0%vw=EL&ITQa~* zIVEs~zWVAdN?rXZGb$`BueiFI^vd*W36&(E1beu8@}Ws1h2gPD3j)-Y*f)BFVa=+5 zig4aG)~Se#>U=QzLMg&8zqQ7Eb+92^geCRR1EDNdYfVL> zwZ?-5a?_@?5?%-kfr0?Y&|EYgEL5esvKnaXu|N<;3U0n^OxFo-2Tj^c6X6SOWC2)E zq?@Ff)*>^(1Ek7)l?4PZ7$H?5(AeOIGy;Ci31gJh*C} zn#tlOY)t?>^(!DW07qb&7fT)^8d_|*-4WRgkJ*T*W+R_Iw;&d_;b!9A$ULv8M$83k zKrAigB$!C3!$=FQg^|*5_sa6kWJ9imO{~pNYUGB%Vv~>nyppzMex(sEkw&v^go?V9pDI-k?@iLLE$7I>HER#)vu)B9h4(;Q~=LQn{$Smd_G_mQ-E| z`-(`N4DQ=Thj_y-@xPTRn|AYc<7`RE*W5ED zGdpGMjpJ|nVpVP3malA(QpboBCQiEEer;N=V{%Sh{ST~paP33u)|dM#{FNK4AKp|`A5gYFvTeH{2Lk?j?i?x+>G>=8t|8ZS_{dk} zWe9VnYRh?>n~Av+s?2O+HNgHL*0)S5+GneQ`q{8O5!E=a!fq;SgC5I>{heB+DfB&SC$j) zSEmX1|KDlaRrGus{x`mOC7quJ_j&b+c_rZPwdUWHYvNC|U!5l46L5+0)oGiBug0SH zE(>qxr_lestN0(b;IGD;nE!SQ&o8b@pRmgRVx|AvVb14jxP0gBU%KPYFW)t%Kwh}W zU9?!Z>N7#e5GG8Z%R3>}Y@%~{{KH(DV}&u)$Lg5? zrW6q72bjlE`#1rA(3(!w>C`yfo`4%pGlz2m{%J6L_)of7jbAe}3TQaX&-kp8h%|+M zgmkkSzoXkNFe{-~m5C4j=^a7fKj~&Qe(^t@l1`jRzn}cMqMbAEli`MIM{@wo5r{*e z)~x=Ya%g7$>KXZ~rTo=1^P6VmH%a+T0=D6TXW3$5nY>J>Ew2@32{UJ4z78p_48r&}Q@J>IQ|&U|YW?7_ls?T1Ts)=hwnXm#CB^A>7zgEHyj>4N z0mHc33FFi>jN{rcm>I^NI}CjbL-=9vDGdIEA>A-U8iuUG5KtJJ7={$WlkmmWVt6vX zxG4!=hwt_H-hl5Ed~d`Tf7BYracdZ~{t9!6VEhQik6`==#*bk92*!_K{0PR6VEhQi zk6`==#y^7bBN#sdb;NVAO!Uu0|4j7HJVNtN=!xx-dj(rlw(W+@H2aen2;=jw^y_$> zFG4vhTT9xQk!5FNmuK09JJ3#dTqS7F0YSpTtn4R}pC(Buqma;f2KdCVzOF|8L zF3hsuV=hq|Pr-N23-LJSIsCZ|xhL>-pvk}n z>gfAfpU?BJpVgPzETi{#VAtK{`n$T%s#s~k&$iMtE7pG&I85T-eR#a^ceVf1idlgw z>@9HMAk3mua$%N&J*6Gv$duOJMZpYCRx3J-YuHtN$6RQ#JiD|ESN^E&w*-ivIKu z4btcSxjgyY@nK7N|AZWyt^Unc|0fcLz(i+JXBCi4zp8)sau;vRUd|KYq?ru=!X91m znT--`(FmO->&^BOGr1c6>he5*!Hy00r+?#zKK6gG{}R9w{}Xbee>8|b+5cdFFJMRa zcUk>iR{!-^3EV}JBgA{jk)qK?u;|NBN)B7YS* G!v6(=-J-+* diff --git a/files/start.sh b/files/start.sh index 61cf89ab..87dcb0a8 100644 --- a/files/start.sh +++ b/files/start.sh @@ -1,3 +1,2 @@ #!/bin/bash -python3 -m gunicorn.app.wsgiapp dashboard.app:app --worker-class gevent --bind 0.0.0.0:8000 --workers=${DASHBOARD_GUNICORN_WORKERS:-5} --reload & -nginx -c /etc/nginx/nginx.conf -g "daemon off;" +exec python3 -m gunicorn.app.wsgiapp dashboard.app:app --worker-class gevent --bind 0.0.0.0:8000 --workers=${DASHBOARD_GUNICORN_WORKERS:-5} --reload From 6015e2e7f1385b696de140db2dfe39908724cbe5 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 15:45:46 -0400 Subject: [PATCH 009/141] Load config from environment variables --- dashboard/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dashboard/__init__.py b/dashboard/__init__.py index 5662038d..65430168 100644 --- a/dashboard/__init__.py +++ b/dashboard/__init__.py @@ -2,6 +2,7 @@ from everett.manager import ConfigManager from everett.manager import ConfigIniEnv +from everett.manager import ConfigOSEnv # -*- coding: utf-8 -*- @@ -27,5 +28,6 @@ def get_config(): "/etc/sso-dashboard.ini", ] ), + ConfigOSEnv(), ] ) From 2110722d66b4fb8f80d7b2e0c8524ecd33edd950 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 15:50:50 -0400 Subject: [PATCH 010/141] Github Actions to deploy --- .github/workflows/main.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/main.yaml diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml new file mode 100644 index 00000000..5f5fedb1 --- /dev/null +++ b/.github/workflows/main.yaml @@ -0,0 +1,26 @@ +name: Build SSO Dashboard and create a release in Cloud Deploy + +on: + push: + branches: + - $default_branch + - workflow_dispatch + + +jobs: + deploy: + permissions: + contents: 'read' + id-token: 'write' + + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + + - name: 'Google auth' + id: 'auth' + uses: 'google-github-actions/auth@v1' + with: + workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' From ea545206dce63c2d15a681572ff53474aede80e1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 16:11:52 -0400 Subject: [PATCH 011/141] Rename github action workflow --- .github/workflows/{main.yaml => main.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{main.yaml => main.yml} (100%) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yml similarity index 100% rename from .github/workflows/main.yaml rename to .github/workflows/main.yml From be3351c3ffbe7fd7290d3e59fa106d35c6bd3ee7 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 16:27:49 -0400 Subject: [PATCH 012/141] Trigger action in this dev branch --- .github/workflows/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5f5fedb1..690cd4a4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -3,8 +3,7 @@ name: Build SSO Dashboard and create a release in Cloud Deploy on: push: branches: - - $default_branch - - workflow_dispatch + - 'revamp' jobs: From f76e143d886c11570cbba8afddf91e89ddb4b1af Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 16:42:37 -0400 Subject: [PATCH 013/141] Docker auth in GHA --- .github/workflows/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 690cd4a4..345c9914 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -5,6 +5,8 @@ on: branches: - 'revamp' +env: + GAR_LOCATION: us-east1 jobs: deploy: @@ -23,3 +25,7 @@ jobs: with: workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + + - name: 'Docker auth' + run: |- + gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev \ No newline at end of file From bd235df68cd206e73fec72eaa01ad9a1cd17ce17 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 17:00:10 -0400 Subject: [PATCH 014/141] GHA build and push docker --- .github/workflows/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 345c9914..2e1463f3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,6 +7,8 @@ on: env: GAR_LOCATION: us-east1 + PROJECT_ID: iam-auth0 + APP: sso-dashboard jobs: deploy: @@ -28,4 +30,10 @@ jobs: - name: 'Docker auth' run: |- - gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev \ No newline at end of file + gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + + - name: 'Build and push container' + run: |- + docker build \ + -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . + docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" \ No newline at end of file From dea6a3acf019c2a7e6d1599238c2aab45a703b7c Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 17:06:04 -0400 Subject: [PATCH 015/141] Update certifi and dataclasses pip packages --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index a91e6511..4134bede 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,7 +8,7 @@ Beaker==1.9.0 boto==2.49.0 boto3==1.7.79 botocore==1.10.79 -certifi==2017.11.5 +certifi==2023.5.7 cffi==1.15.1 chardet==3.0.4 click==6.7 @@ -17,7 +17,7 @@ cookies==2.2.1 credstash==1.14.0 cryptography==2.0 cssmin==0.2.0 -dataclasses==0.8 +dataclasses==0.6 docker==3.7.2 docker-pycreds==0.4.0 docutils==0.14 From cb39abb4b1569c2dd90c4f6b92bb5cf4243cc31b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 12 May 2023 17:47:03 -0400 Subject: [PATCH 016/141] GHA clouddeploy templates --- .github/workflows/main.yml | 19 +++++++++++-- clouddeploy/app-prod.template.yaml | 30 ++++++++++++++++++++ clouddeploy/app-staging.template.yaml | 30 ++++++++++++++++++++ clouddeploy/clouddeploy.template.yaml | 41 +++++++++++++++++++++++++++ clouddeploy/skaffold.template.yaml | 29 +++++++++++++++++++ 5 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 clouddeploy/app-prod.template.yaml create mode 100644 clouddeploy/app-staging.template.yaml create mode 100644 clouddeploy/clouddeploy.template.yaml create mode 100644 clouddeploy/skaffold.template.yaml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2e1463f3..52b7b786 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,9 +6,10 @@ on: - 'revamp' env: + APP: sso-dashboard GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 - APP: sso-dashboard + REGION: us-east1 jobs: deploy: @@ -36,4 +37,18 @@ jobs: run: |- docker build \ -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . - docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" \ No newline at end of file + docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" + + - name: 'Render cloud deploy config manifests from templates' + run: |- + export PROJECT_ID="${{ env.PROJECT_ID }}" + export REGION="${{ env.REGION }}" + for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done + + - name: 'Create Cloud Deploy delivery pipeline' + run: |- + gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} + + - name: 'Create release name' + run: |- + echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} \ No newline at end of file diff --git a/clouddeploy/app-prod.template.yaml b/clouddeploy/app-prod.template.yaml new file mode 100644 index 00000000..b502053a --- /dev/null +++ b/clouddeploy/app-prod.template.yaml @@ -0,0 +1,30 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: 'app-prod' +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/maxScale: '1' + spec: + containers: + - name: 'app' + image: 'app' + env: + - name: 'TARGET' + value: 'Prod' diff --git a/clouddeploy/app-staging.template.yaml b/clouddeploy/app-staging.template.yaml new file mode 100644 index 00000000..58355a46 --- /dev/null +++ b/clouddeploy/app-staging.template.yaml @@ -0,0 +1,30 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: 'app-staging' +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/maxScale: '1' + spec: + containers: + - name: 'app' + image: 'app' + env: + - name: 'TARGET' + value: 'Staging' diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml new file mode 100644 index 00000000..58ee6101 --- /dev/null +++ b/clouddeploy/clouddeploy.template.yaml @@ -0,0 +1,41 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: deploy.cloud.google.com/v1 +kind: DeliveryPipeline +metadata: + name: 'app' +description: 'Deployment pipeline for demo app' +serialPipeline: + stages: + - targetId: 'staging' + profiles: ['staging'] + - targetId: 'prod' + profiles: ['prod'] +--- +apiVersion: deploy.cloud.google.com/v1 +kind: Target +metadata: + name: 'staging' +description: 'Staging target' +run: + location: 'projects/${PROJECT_ID}/locations/${REGION}' +--- +apiVersion: deploy.cloud.google.com/v1 +kind: Target +metadata: + name: 'prod' +description: 'Production target' +run: + location: 'projects/${PROJECT_ID}/locations/${REGION}' diff --git a/clouddeploy/skaffold.template.yaml b/clouddeploy/skaffold.template.yaml new file mode 100644 index 00000000..71312cc9 --- /dev/null +++ b/clouddeploy/skaffold.template.yaml @@ -0,0 +1,29 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: skaffold/v3alpha1 +kind: Config +metadata: + name: 'app' +deploy: + cloudrun: {} +profiles: + - name: 'staging' + manifests: + rawYaml: + - 'app-staging.yaml' + - name: 'prod' + manifests: + rawYaml: + - 'app-prod.yaml' From b033b3384b3ac63fe9e8e12cf0c78ac1d5ccc78a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 12:11:38 -0400 Subject: [PATCH 017/141] Allow unauthenticated logout route --- dashboard/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/app.py b/dashboard/app.py index 19d84d6c..caadf542 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -126,7 +126,7 @@ def forbidden(): @app.route("/logout") -@oidc.oidc_logout +#@oidc.oidc_logout def logout(): """ Redirect to new feature in NLX that destroys autologin preferences. From 4520883e89ce20712266fb064e4b91c7bf7a0d39 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 13:33:33 -0400 Subject: [PATCH 018/141] Revert "Allow unauthenticated logout route" This reverts commit b033b3384b3ac63fe9e8e12cf0c78ac1d5ccc78a. --- dashboard/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/app.py b/dashboard/app.py index caadf542..19d84d6c 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -126,7 +126,7 @@ def forbidden(): @app.route("/logout") -#@oidc.oidc_logout +@oidc.oidc_logout def logout(): """ Redirect to new feature in NLX that destroys autologin preferences. From 580180ddf17f0292655cb26add198bc5a282256f Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 17:16:43 -0400 Subject: [PATCH 019/141] Major package dependancy updates --- dashboard/app.py | 12 ++--- dashboard/oidc_auth.py | 24 +++++---- requirements.txt | 108 ++++++++++++++++------------------------- 3 files changed, 62 insertions(+), 82 deletions(-) diff --git a/dashboard/app.py b/dashboard/app.py index 19d84d6c..698df1c3 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -156,7 +156,7 @@ def signout(): @app.route("/dashboard") -@oidc.oidc_auth +@oidc.oidc_auth('default') def dashboard(): """Primary dashboard the users will interact with.""" logger.info( @@ -207,20 +207,20 @@ def styleguide_dashboard(): @app.route("/styleguide/notifications") -@oidc.oidc_auth +@oidc.oidc_auth('default') def styleguide_notifications(): user = FakeUser(config.Config(app).settings) return render_template("notifications.html", config=app.config, user=user) @app.route("/notifications") -@oidc.oidc_auth +@oidc.oidc_auth('default') def notifications(): user = User(session, config.Config(app).settings) return render_template("notifications.html", config=app.config, user=user) -@oidc.oidc_auth +@oidc.oidc_auth('default') @app.route("/alert/", methods=["POST"]) def alert_operation(alert_id): if request.method == "POST": @@ -238,7 +238,7 @@ def alert_operation(alert_id): return "500" -@oidc.oidc_auth +@oidc.oidc_auth('default') @app.route("/alert/fake", methods=["GET"]) def alert_faking(): if request.method == "GET": @@ -266,7 +266,7 @@ def alert_api(): @app.route("/info") -@oidc.oidc_auth +@oidc.oidc_auth('default') def info(): """Return the JSONified user session for debugging.""" return jsonify( diff --git a/dashboard/oidc_auth.py b/dashboard/oidc_auth.py index aae35954..37b97d4d 100644 --- a/dashboard/oidc_auth.py +++ b/dashboard/oidc_auth.py @@ -4,7 +4,9 @@ from josepy.jws import JWS """Class that governs all authentication with open id connect.""" -from flask_pyoidc.flask_pyoidc import OIDCAuthentication +from flask_pyoidc import OIDCAuthentication +from flask_pyoidc.provider_configuration import ClientMetadata +from flask_pyoidc.provider_configuration import ProviderConfiguration logger = logging.getLogger(__name__) @@ -17,17 +19,21 @@ def __init__(self, configuration): self.oidc_config = configuration def client_info(self): - client_info = {"client_id": self.oidc_config.client_id, "client_secret": self.oidc_config.client_secret} + client_info = ClientMetadata(client_id=self.oidc_config.client_id, + client_secret=self.oidc_config.client_secret) return client_info - def get_oidc(self, app): - extra_request_args = {"scope": ["openid", "profile"]} - o = OIDCAuthentication( - app, + def provider_info(self): + auth_request_params = {"scope": ["openid", "profile"]} + provider_config = ProviderConfiguration( issuer="https://{DOMAIN}".format(DOMAIN=self.oidc_config.OIDC_DOMAIN), - client_registration_info=self.client_info(), - extra_request_args=extra_request_args, - ) + client_metadata=self.client_info(), + auth_request_params=auth_request_params) + return provider_config + + def get_oidc(self, app): + provider_info = self.provider_info() + o = OIDCAuthentication({'default': provider_info}, app) return o diff --git a/requirements.txt b/requirements.txt index 4134bede..6c80f1bc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,89 +1,63 @@ -alabaster==0.7.10 -apipkg==1.4 -argh==0.26.2 -asn1crypto==0.23.0 -attrs==17.3.0 aws-xray-sdk==0.95 -Beaker==1.9.0 +Beaker==1.12.1 boto==2.49.0 boto3==1.7.79 -botocore==1.10.79 +botocore==1.10.84 certifi==2023.5.7 cffi==1.15.1 chardet==3.0.4 -click==6.7 -configobj==5.0.6 +click==8.0.4 +configobj==5.0.8 cookies==2.2.1 -credstash==1.14.0 -cryptography==2.0 -cssmin==0.2.0 -dataclasses==0.6 -docker==3.7.2 -docker-pycreds==0.4.0 -docutils==0.14 -ecdsa==0.13.3 +cryptography==40.0.2 +-e git+ssh://git@github.com/mozilla-iam/sso-dashboard.git@4520883e89ce20712266fb064e4b91c7bf7a0d39#egg=dashboard +dataclasses==0.8 +defusedxml==0.7.1 +docker==5.0.3 +docutils==0.18.1 +ecdsa==0.18.0 everett==0.9 -execnet==1.5.0 Faker==0.8.7 Flask==1.0 Flask-Assets==0.12 -Flask-pyoidc==1.3.0 +Flask-pyoidc==3.13.0 flask-talisman==0.7.0 -future==0.16.0 -gevent==1.4.0 -greenlet==0.4.15 -gunicorn==19.9.0 +future==0.18.3 idna==2.6 -itsdangerous==0.24 -Jinja2==2.10 -jmespath==0.9.3 +importlib-metadata==4.8.3 +importlib-resources==5.4.0 +itsdangerous==2.0.1 +Jinja2==3.0.3 +jmespath==0.10.0 +jose==1.0.0 josepy==1.0.1 -jsmin==3.0.0 jsondiff==1.1.1 -jsonpickle==1.1 -Mako==1.0.7 +jsonpickle==2.2.0 +Mako==1.1.6 MarkupSafe==2.0.1 -mirakuru==1.1.0 -mock==2.0.0 -mockredis==0.1.3.dev0 +mock==5.0.2 moto==1.3.4 -nose==1.3.7 -nose-watch==0.9.2 -oic==0.11.0.1 -pathtools==0.1.2 -pbr==5.1.3 -pluggy==0.6.0 -prometheus-client==0.3.1 -prometheus-flask-exporter==0.2.2 -psutil==5.6.1 -py==1.5.2 -pyaml==19.4.1 -pyasn1==0.4.3 -pycparser==2.18 -pycryptodome==3.8.1 -pycryptodomex==3.4.7 -pyjwkest==1.4.0 -pyOpenSSL==17.3.0 -pytest==3.3.1 -pytest-flask==0.10.0 -pytest-forked==0.2 -pytest-moto==0.2.0 -pytest-xdist==1.20.1 -python-dateutil==2.6.1 +oic==1.4.0 +pyaml==23.5.8 +pycparser==2.21 +pycryptodome==3.18.0 +pycryptodomex==3.18.0 +pyjwkest==1.4.2 +pyOpenSSL==23.1.1 +python-dateutil==2.8.2 python-jose==2.0.2 -pytz==2019.1 -PyYAML==5.1 +pytz==2023.3 +PyYAML==6.0 requests==2.18.4 -responses==0.10.6 -rsa==3.4.2 -s3transfer==0.1.12 +responses==0.10.15 +s3transfer==0.1.13 six==1.11.0 -text-unidecode==1.1 +text-unidecode==1.3 +typing_extensions==4.1.1 urllib3==1.22 -watchdog==0.8.3 -watchtower==0.5.2 -webassets==0.12.1 -websocket-client==0.56.0 +webassets==2.0 +websocket-client==1.3.1 Werkzeug==2.0.3 -wrapt==1.11.1 -xmltodict==0.12.0 +wrapt==1.15.0 +xmltodict==0.13.0 +zipp==3.6.0 From e246c3f252316b59170bd4134a22f9a566d5dda7 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 17:22:12 -0400 Subject: [PATCH 020/141] Fix requirements.txt --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6c80f1bc..4ee63512 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,7 +10,6 @@ click==8.0.4 configobj==5.0.8 cookies==2.2.1 cryptography==40.0.2 --e git+ssh://git@github.com/mozilla-iam/sso-dashboard.git@4520883e89ce20712266fb064e4b91c7bf7a0d39#egg=dashboard dataclasses==0.8 defusedxml==0.7.1 docker==5.0.3 From 2161337c49fc4e8aa422331dd5e652f1c23c296d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 17:53:18 -0400 Subject: [PATCH 021/141] Clean up requirements.txt and pin updated packages --- requirements.txt | 73 +++++++++++++++++++----------------------------- 1 file changed, 28 insertions(+), 45 deletions(-) diff --git a/requirements.txt b/requirements.txt index 4ee63512..0d90f662 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,62 +1,45 @@ -aws-xray-sdk==0.95 Beaker==1.12.1 -boto==2.49.0 -boto3==1.7.79 -botocore==1.10.84 +boto3==1.26.142 +botocore==1.29.142 certifi==2023.5.7 cffi==1.15.1 -chardet==3.0.4 -click==8.0.4 -configobj==5.0.8 -cookies==2.2.1 +charset-normalizer==3.1.0 +click==8.1.3 cryptography==40.0.2 -dataclasses==0.8 defusedxml==0.7.1 -docker==5.0.3 -docutils==0.18.1 -ecdsa==0.18.0 -everett==0.9 -Faker==0.8.7 -Flask==1.0 -Flask-Assets==0.12 +everett==3.2.0 +Faker==18.9.0 +Flask==2.2.5 +Flask-Assets==2.0 Flask-pyoidc==3.13.0 -flask-talisman==0.7.0 +flask-talisman==1.0.0 future==0.18.3 -idna==2.6 -importlib-metadata==4.8.3 -importlib-resources==5.4.0 -itsdangerous==2.0.1 -Jinja2==3.0.3 -jmespath==0.10.0 +idna==3.4 +importlib-metadata==6.6.0 +importlib-resources==5.12.0 +itsdangerous==2.1.2 +Jinja2==3.1.2 +jmespath==1.0.1 jose==1.0.0 -josepy==1.0.1 -jsondiff==1.1.1 -jsonpickle==2.2.0 -Mako==1.1.6 -MarkupSafe==2.0.1 -mock==5.0.2 -moto==1.3.4 +josepy==1.13.0 +Mako==1.2.4 +MarkupSafe==2.1.2 +moto==4.1.10 oic==1.4.0 -pyaml==23.5.8 pycparser==2.21 -pycryptodome==3.18.0 pycryptodomex==3.18.0 pyjwkest==1.4.2 pyOpenSSL==23.1.1 python-dateutil==2.8.2 -python-jose==2.0.2 -pytz==2023.3 PyYAML==6.0 -requests==2.18.4 -responses==0.10.15 -s3transfer==0.1.13 -six==1.11.0 -text-unidecode==1.3 -typing_extensions==4.1.1 -urllib3==1.22 +requests==2.31.0 +responses==0.23.1 +s3transfer==0.6.1 +six==1.16.0 +types-PyYAML==6.0.12.10 +typing_extensions==4.6.2 +urllib3==1.26.16 webassets==2.0 -websocket-client==1.3.1 -Werkzeug==2.0.3 -wrapt==1.15.0 +Werkzeug==2.2.3 xmltodict==0.13.0 -zipp==3.6.0 +zipp==3.15.0 From 65073d963ebd1cbad834acbd67803dc6accdf37b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 19:14:11 -0400 Subject: [PATCH 022/141] More package dependency changes --- dashboard/__init__.py | 3 +-- requirements.txt | 6 +++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/dashboard/__init__.py b/dashboard/__init__.py index 65430168..f4cb7a71 100644 --- a/dashboard/__init__.py +++ b/dashboard/__init__.py @@ -1,9 +1,8 @@ import os from everett.manager import ConfigManager -from everett.manager import ConfigIniEnv from everett.manager import ConfigOSEnv - +from everett.ext.inifile import ConfigIniEnv # -*- coding: utf-8 -*- diff --git a/requirements.txt b/requirements.txt index 0d90f662..ad216260 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,8 +5,10 @@ certifi==2023.5.7 cffi==1.15.1 charset-normalizer==3.1.0 click==8.1.3 +configobj==5.0.8 cryptography==40.0.2 defusedxml==0.7.1 +ecdsa==0.18.0 everett==3.2.0 Faker==18.9.0 Flask==2.2.5 @@ -20,20 +22,22 @@ importlib-resources==5.12.0 itsdangerous==2.1.2 Jinja2==3.1.2 jmespath==1.0.1 -jose==1.0.0 josepy==1.13.0 Mako==1.2.4 MarkupSafe==2.1.2 moto==4.1.10 oic==1.4.0 +pyasn1==0.5.0 pycparser==2.21 pycryptodomex==3.18.0 pyjwkest==1.4.2 pyOpenSSL==23.1.1 python-dateutil==2.8.2 +python-jose==3.3.0 PyYAML==6.0 requests==2.31.0 responses==0.23.1 +rsa==4.9 s3transfer==0.6.1 six==1.16.0 types-PyYAML==6.0.12.10 From 9f70a9457ea9dea6affaf0be543511cac57017d1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 29 May 2023 19:36:10 -0400 Subject: [PATCH 023/141] Add missing cssmin package --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index ad216260..0f268016 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,6 +7,7 @@ charset-normalizer==3.1.0 click==8.1.3 configobj==5.0.8 cryptography==40.0.2 +cssmin==0.2.0 defusedxml==0.7.1 ecdsa==0.18.0 everett==3.2.0 From dbc38594317cc1f59714c7aa4939939c3765ea23 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 09:58:49 -0400 Subject: [PATCH 024/141] Clean up dockerfile and add missing python deps --- Dockerfile | 4 ---- requirements.txt | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4264ccbd..c981e586 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,13 +4,9 @@ RUN apt update && apt install -y ruby-sass \ && rm -rf /var/lib/apt/lists/* COPY ./files/start.sh /start.sh RUN chmod 755 /start.sh -COPY ./files/sso-dashboard.ini /dashboard.ini -RUN chmod 644 /dashboard.ini RUN pip3 install --upgrade pip COPY ./requirements.txt /dashboard/ RUN pip3 install -r /dashboard/requirements.txt -RUN pip3 install pyOpenSSL==17.3.0 --upgrade -RUN pip3 install cryptography==2.0 --upgrade COPY ./dashboard/ /dashboard/ RUN chmod 750 -R /dashboard RUN rm /dashboard/static/css/gen/all.css \ diff --git a/requirements.txt b/requirements.txt index 0f268016..7cbcaa05 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,6 +17,9 @@ Flask-Assets==2.0 Flask-pyoidc==3.13.0 flask-talisman==1.0.0 future==0.18.3 +gevent==22.10.2 +greenlet==2.0.2 +gunicorn==20.1.0 idna==3.4 importlib-metadata==6.6.0 importlib-resources==5.12.0 @@ -48,3 +51,5 @@ webassets==2.0 Werkzeug==2.2.3 xmltodict==0.13.0 zipp==3.15.0 +zope.event==4.6 +zope.interface==6.0 From 15a37b4a8d7a6c3ecbc2996f4970c6158e672ea2 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 10:33:40 -0400 Subject: [PATCH 025/141] Use nodejs sass instead of ruby sass --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c981e586..e7c5c1a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,8 @@ FROM python:3.7-bullseye -RUN apt update && apt install -y ruby-sass \ +RUN apt update && apt install -y nodejs npm \ && rm -rf /var/lib/apt/lists/* +RUN npm install -g sass COPY ./files/start.sh /start.sh RUN chmod 755 /start.sh RUN pip3 install --upgrade pip From 682335de234e110dff0d57a6a5556d398ac432b4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 10:48:29 -0400 Subject: [PATCH 026/141] Add missing jsmin dep --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 7cbcaa05..dc48a990 100644 --- a/requirements.txt +++ b/requirements.txt @@ -27,6 +27,7 @@ itsdangerous==2.1.2 Jinja2==3.1.2 jmespath==1.0.1 josepy==1.13.0 +jsmin==3.0.1 Mako==1.2.4 MarkupSafe==2.1.2 moto==4.1.10 From dad66b4a856ce4da4f020cca66dec18f47809433 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 11:16:09 -0400 Subject: [PATCH 027/141] Return apps.yml to a skel file --- dashboard/data/apps.yml | 4045 --------------------------------------- 1 file changed, 4045 deletions(-) diff --git a/dashboard/data/apps.yml b/dashboard/data/apps.yml index 146c8ba6..cadb98be 100644 --- a/dashboard/data/apps.yml +++ b/dashboard/data/apps.yml @@ -21,4048 +21,3 @@ # The user must be a member of them to access the application. # Otherwise, # All SSO users (including the general public) can access the app. - -apps: - - application: - authorized_groups: - - mozilliansorg_netlify-access - authorized_users: [] - client_id: hj3jYIhcrgvPWTpnFoHWLPx57t6KKqhA - display: true - logo: netlify.png - name: Netlify - op: auth0 - url: https://api.netlify.com/saml/mozilla-it/init - vanity_url: - - /netlify - - application: - authorized_groups: - - mozilliansorg_web-sre-aws-access - authorized_users: [] - display: true - logo: newrelic.png - name: New Relic - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/tAtVU4uyJhaXdMEglSWKxMHliBm9yYtS - vanity_url: - - /new-relic-sre - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - display: true - logo: accountmanager.png - name: Account Portal - op: auth0 - url: https://login.mozilla.com/ - vanity_url: - - /accountmanager - - application: - authorized_groups: - - mozilliansorg_acoustic_production_access - authorized_users: [] - client_id: sBImsybtPPLyWlstD0SC35IwnAafE4nB - display: false - logo: auth0.png - name: Acoustic - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/sBImsybtPPLyWlstD0SC35IwnAafE4nB - vanity_url: - - /acoustic - - application: - authorized_groups: - - mozilliansorg_acoustic_stage_access - authorized_users: [] - client_id: inoLoMyAEOzLX1cZOvubQpcW18pk4O1S - display: false - logo: auth0.png - name: Acoustic Stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/inoLoMyAEOzLX1cZOvubQpcW18pk4O1S - vanity_url: - - /acoustic_stage - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: el46s4SPK4ZOhQBsAjtiDYKFQkXK76xm - display: false - logo: adaptive_insights.png - name: Adaptive Insights - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/el46s4SPK4ZOhQBsAjtiDYKFQkXK76xm - vanity_url: - - /adaptive - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 9F55B8e5VmFl4lCgYObnA1TkyRFTxQ9M - display: false - logo: adobe-sign.png - name: Adobe EchoSign - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/9F55B8e5VmFl4lCgYObnA1TkyRFTxQ9M - vanity_url: - - /echosign - - application: - AAL: LOW - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - - mozilliansorg_nda - authorized_users: [] - client_id: y32eNslKsOw7cDhP6CCRGv23Zw3EYNAJ - display: true - logo: airmo.png - name: Air Mozilla - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/y32eNslKsOw7cDhP6CCRGv23Zw3EYNAJ - vanity_url: - - /airmo - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: xAJuHbCa1v0mPp72QMm88hYA2dFEvSy5 - display: false - logo: anaplan.png - name: Anaplan - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/xAJuHbCa1v0mPp72QMm88hYA2dFEvSy5 - vanity_url: - - /anaplan - - application: - authorized_groups: - - mozilliansorg_basket_admin - authorized_users: [] - client_id: 14G95j0WAteSbDicn75gsZvRPXN6bkQm - display: true - logo: basket.png - name: Basket - op: auth0 - url: https://basket-admin.us-west.moz.works/oidc/authenticate/ - - application: - authorized_groups: - - mozilliansorg_basket_admin - authorized_users: [] - client_id: xZsLG6eg9XjFm5vHKNi4pgE12gfpQM1p - display: true - logo: basket.png - name: Basket Dev - op: auth0 - url: https://basket-dev.allizom.org/oidc/authenticate/ - - application: - authorized_groups: - - mozilliansorg_basket_admin - authorized_users: [] - client_id: vBgSD2axkzQ6UnC20AFTko0oRr3elwa6 - display: true - logo: basket.png - name: Basket Staging - op: auth0 - url: https://basket-admin-stage.us-west.moz.works/oidc/authenticate/ - - application: - authorized_groups: - - service_beckon - authorized_users: [] - client_id: ZtHVNezP0k2vuZnAg5zbRuFTz76vrXpZ - display: true - logo: beckon.png - name: Beckon - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/ZtHVNezP0k2vuZnAg5zbRuFTz76vrXpZ - vanity_url: - - /beckon - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: - - casa-fivetran@mozilla.com - client_id: IU80mVpKPtIZyUZtya9ZnSTs6fKLt3JO - display: true - logo: biztera.png - name: Casa - op: auth0 - url: https://biztera.com/mozilla - vanity_url: - - /casa - - application: - authorized_groups: - - cloudhealth-power - - cloudhealth-standard - - cloudhealth-administrator - - cloudhealth-enhanced-power-user - - cloudhealth-enhanced-standard-user - authorized_users: [] - client_id: kvfwYzMi40o93JJuuzfdwzeXnnJghgwN - display: true - logo: cloudhealth.png - name: CloudHealth - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/kvfwYzMi40o93JJuuzfdwzeXnnJghgwN - vanity_url: - - /cloudhealth - - application: - authorized_groups: - - mozilliansorg_contentful-access - authorized_users: [] - client_id: i5aMJlDr5FCHEKnHTtYTb8XNmFz6h5jp - display: true - logo: contentful.png - name: Contentful - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/i5aMJlDr5FCHEKnHTtYTb8XNmFz6h5jp - vanity_url: - - /contentful - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: rehgg9cqVmHJbHw3jPYUzoU5BYYBH6XL - display: true - logo: discourse.png - name: Discourse - op: auth0 - url: https://discourse.mozilla.org/auth/auth0 - vanity_url: - - /discourse - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: RqUns8zD5oTsEsjTKAUMhF55sLfuQsGv - display: false - logo: discourse.png - name: Discourse Staging - op: auth0-dev - url: https://discourse-staging.production.paas.mozilla.community/auth/auth0 - vanity_url: - - /discourse-stage - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 3LIXec4tKVr6SltYFYUYsE0GIw0Jm2T0 - display: false - logo: discourse.png - name: Discourse-Dev - op: auth0-dev - url: https://discourse.allizom.org/auth/auth0 - vanity_url: - - /discourse-dev - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 72Q4MlsbMzRo5Sij6y5JPDAiyGcyDKB2 - display: false - logo: domo.png - name: Domo - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/72Q4MlsbMzRo5Sij6y5JPDAiyGcyDKB2 - vanity_url: - - /domo - - application: - authorized_groups: - - everyone - authorized_users: [] - client_id: GmGXMS6RJt3ZvabfTjx16B97pETlnUxd - display: false - logo: auth0.png - name: DXR - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/GmGXMS6RJt3ZvabfTjx16B97pETlnUxd - - application: - authorized_groups: - - everyone - authorized_users: [] - client_id: kNsY9QiOy7pSUjiordq7WixztBPCepuD - display: false - logo: auth0.png - name: DXR-stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/kNsY9QiOy7pSUjiordq7WixztBPCepuD - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: DhBV04HLs6H8OeTHOlodz0LtkyY7VTU0 - display: false - logo: eventboard.png - name: EventBoard - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/DhBV04HLs6H8OeTHOlodz0LtkyY7VTU0 - vanity_url: - - /eventboard - - application: - authorized_groups: - - mozilliansorg_everestemailsuite - authorized_users: [] - client_id: 04UuoOzA5CoCWRQqKbsYc6uM1p0a4WlY - display: false - logo: auth0.png - name: Everest - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/04UuoOzA5CoCWRQqKbsYc6uM1p0a4WlY - vanity_url: - - /everest - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillajapan - - team_mozillaonline - authorized_users: [] - client_id: Qxc2EI4g0NymUBvfFKpuwPdSzJZX5TEN - display: false - logo: exacttarget.png - name: Marketing Cloud - op: auth0 - url: https://auth.s1.exacttarget.com/sso/f56e153c30265a772451342d7a59223f4d2c29351a2c305028757a572228 - vanity_url: - - /marketingcloud - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: eaiAVdOLtf2KXZvexyCCViw0154E0U6x - display: false - logo: auth0.png - name: Figma - op: auth0 - url: https://www.figma.com/saml/887474606069541975/start - vanity_url: - - /figma - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillajapan - - team_mozillaonline - - gsuite_shared_accounts - - moc_service_accounts - authorized_users: - - moc+servicenow@mozilla.com - - moc-sso-monitoring@mozilla.com - client_id: smKTjsVVxUJDEkjIftOsP0bop2NWjysa - display: true - logo: gmail.png - name: Gmail - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/smKTjsVVxUJDEkjIftOsP0bop2NWjysa?RelayState=https://mail.google.com/ - vanity_url: - - /gmail - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillajapan - - team_mozillaonline - - gsuite_shared_accounts - - moc_service_accounts - authorized_users: [] - client_id: smKTjsVVxUJDEkjIftOsP0bop2NWjysa - display: true - logo: gcal.png - name: Google Calendar - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/smKTjsVVxUJDEkjIftOsP0bop2NWjysa?RelayState=https://calendar.google.com/ - vanity_url: - - /gcalendar - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillajapan - - team_mozillaonline - - gsuite_shared_accounts - - moc_service_accounts - authorized_users: [] - client_id: smKTjsVVxUJDEkjIftOsP0bop2NWjysa - display: true - logo: gdrive.png - name: Google Drive - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/smKTjsVVxUJDEkjIftOsP0bop2NWjysa?RelayState=https://drive.google.com/ - vanity_url: - - /gdrive - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: TGlmvMW4kvEz99CRnuGnNTfxku0QNn8e - display: true - logo: greenhouse.png - name: Greenhouse - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/TGlmvMW4kvEz99CRnuGnNTfxku0QNn8e - vanity_url: - - /greenhouse - - application: - authorized_groups: - - mozilliansorg_heroku-members - authorized_users: [] - client_id: KOyQ76xjXqtsPgt4ci4bThpIz3a1396E - display: true - logo: heroku.png - name: Heroku - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/KOyQ76xjXqtsPgt4ci4bThpIz3a1396E - vanity_url: - - /heroku - - application: - authorized_groups: - - IntranetWiki - authorized_users: [] - client_id: 3TMLWJb8KIbjB1S3HeyjDm0ns192BTdZ - display: false - logo: auth0.png - name: Intranet - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/3TMLWJb8KIbjB1S3HeyjDm0ns192BTdZ - - application: - authorized_groups: - - IntranetWiki - authorized_users: [] - client_id: 0tHkuAC17kDkFip4szjsLvWHlXGJSjwc - display: false - logo: auth0.png - name: Intranet-stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/0tHkuAC17kDkFip4szjsLvWHlXGJSjwc - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: f4SlPDVeVcWBChrAvH8uLuEYyt0aW916 - display: false - logo: auth0.png - name: iplimitirc - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/f4SlPDVeVcWBChrAvH8uLuEYyt0aW916 - - application: - authorized_groups: - - service_lucidchart - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 80JNexePA737rSLhBAABqIvMJTEAn11u - display: false - logo: lucidchart.png - name: LucidChart - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/80JNexePA737rSLhBAABqIvMJTEAn11u - vanity_url: - - /lucidchart - - application: - authorized_groups: - - IntranetWiki - - GuestWiki - - moc_service_accounts - authorized_users: - - moc+servicenow@mozilla.com - - moc-sso-monitoring@mozilla.com - client_id: LVjFyOpHUdAJTLkTmDnUADnQmUKOWXO2 - display: false - logo: mana.png - name: Mana - old - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/LVjFyOpHUdAJTLkTmDnUADnQmUKOWXO2 - - application: - authorized_groups: - - team_moco - - team_mofo - - service_jira - - moc_service_accounts - - mozilliansorg_jira_vendors - authorized_users: [] - client_id: LNU9XiEHlgeU07GLt00vx4y9RR7ALsov - display: false - logo: jira.png - name: Jira - Stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/LNU9XiEHlgeU07GLt00vx4y9RR7ALsov - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: TKqD0MP8sDeJAc9QC4f5yp2r9qbx5fcZ - display: true - logo: jira.png - name: Jira - op: auth0 - url: https://mozilla-hub.atlassian.net - vanity_url: - - /jira - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: 8IhkiQO1reUO0an6e95CJ6EMBg7Lg5xQ - display: true - logo: looker.png - name: Looker - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/8IhkiQO1reUO0an6e95CJ6EMBg7Lg5xQ - vanity_url: - - /looker - - application: - authorized_groups: - - mozilliansorg_looker_stage_access - authorized_users: [] - client_id: 1do5W84RLwLWBti921ixd3otO7t2619B - display: false - logo: auth0.png - name: Looker Stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/1do5W84RLwLWBti921ixd3otO7t2619B - vanity_url: - - /looker-stage - - application: - authorized_groups: - - mozilliansorg_looker_dev_access - - mozilliansorg_looker_dev_user_access - authorized_users: [] - client_id: 5dRN6IgxPWSJrk9OQ2leoLbRDQDPCa5k - display: false - logo: auth0.png - name: Looker Dev - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/5dRN6IgxPWSJrk9OQ2leoLbRDQDPCa5k - vanity_url: - - /looker-dev - - application: - authorized_groups: - - service_mana_stage - authorized_users: [] - client_id: IuWFSguzDAqbTT4qdtmABNdCVayuCWy5 - display: false - logo: mana.png - name: Mana Stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/IuWFSguzDAqbTT4qdtmABNdCVayuCWy5 - - application: - authorized_groups: - - everyone - authorized_users: [] - display: true - logo: mdn.png - name: MDN Web Docs - op: auth0 - url: https://developer.mozilla.org/ - vanity_url: - - /mdn - - application: - authorized_groups: - - everyone - authorized_users: [] - client_id: nPr8QRo0dLxM3RRHwIXRSvhmOSPDvNr4 - display: true - logo: moderator.png - name: Moderator - op: auth0 - url: https://moderator.mozilla.org/oidc/authenticate/ - vanity_url: - - /moderator - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: HC1FeMf3dVCTnAZbQR08quMylQEUcu60 - display: false - name: vouches.mozillians.org - logo: mozillians.png - op: auth0 - url: https://vouches.mozillians.org/oidc/authenticate/ - - application: - authorized_groups: - - mozilliansorg_nucleus_admin - authorized_users: [] - client_id: a6cidU6mSbciFAjy4uRQeeuFHIsLIWgg - display: true - logo: nucleus.png - name: Nucleus - op: auth0 - url: https://nucleus.mozilla.org/oidc/authenticate/ - - application: - authorized_groups: - - mozilliansorg_nucleus_admin - authorized_users: [] - client_id: grGFAm6XbCYn3feUbyg5i9M6eyQHuhe6 - display: false - logo: nucleus.png - name: Nucleus Dev - op: auth0 - url: https://nucleus-dev.frankfurt.moz.works/oidc/authenticate/ - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 4HNLHcA7ZSNVWSJVBk9yVxq06WRquN2L - display: false - logo: auth0.png - name: Optimizely - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/4HNLHcA7ZSNVWSJVBk9yVxq06WRquN2L - vanity_url: - - /optimizely - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: Gav1XmmrpBxts0zeDPOSfGesVrTt044k - display: false - logo: pagerduty.png - name: PagerDuty - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Gav1XmmrpBxts0zeDPOSfGesVrTt044k - vanity_url: - - /pagerduty - - application: - authorized_groups: - - ldapAdmins - authorized_users: [] - client_id: W3SoWmYcqvP2Yms14s5VTeUFCZmBOJPT - display: true - logo: auth0.png - name: PHPLDAPAdmin - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/W3SoWmYcqvP2Yms14s5VTeUFCZmBOJPT?RelayState=https://ldapadmin1.private.mdc1.mozilla.com/phpldapadmin/ - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: DBRlLjVEUbw1yWrUYAHNYl22KBkKAjql - display: true - logo: plansource.png - name: PlanSource Benefits - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/DBRlLjVEUbw1yWrUYAHNYl22KBkKAjql?RelayState=https://benefits.plansource.com/sso/employee/saml2/post/d4f3574247aa2707 - vanity_url: - - /plansource - - application: - authorized_groups: - - service_productplan - authorized_users: [] - client_id: Ky8RbBLJ36PhlagJMT46ru6DWW8AK451 - display: true - logo: productplan.png - name: ProductPlan - op: auth0 - url: https://desktop.pingone.com/mozilla/url?source=application&url=https%3A%2F%2Fsso.connect.pingidentity.com%2Fsso%2Fsp%2Finitsso%3Fsaasid%3D72a035e2-0939-4685-aa8a-8c731729298b%26idpid%3Dmozilla.com&title=IDP%20Connection&applicationtype=APPLICATION_DEFAULT&saasid=72a035e2-0939-4685-aa8a-8c731729298b&newDock=true - vanity_url: - - /productplan - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 3rbiX5U5EZZFf9tvYpOdoUxJ6A2TnH2q - display: true - logo: riskheatmap.png - name: RiskHeatMap - op: auth0 - url: https://riskheatmap.security.mozilla.org/ - vanity_url: - - /riskheatmap - - application: - authorized_groups: - - SecurityAssuranceOpsec - authorized_users: [] - client_id: 5vVAvF2lo36Nj576GqZTTsbXzZ1AH21L - display: true - logo: riskheatmap.png - name: RiskHeatMap (Dev) - op: auth0 - url: https://riskheatmap.security.allizom.org/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: ByW5ChOPpsQaQFLcAuZBbtjFrh67uBgt - display: false - logo: salescloud.png - name: SalesCloud - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/ByW5ChOPpsQaQFLcAuZBbtjFrh67uBgt - vanity_url: - - /salescloud - - application: - authorized_groups: - - team_mofo - authorized_users: [] - client_id: Vnj9iPj1FJz4xTlco6XHLwM3oyRUO9iQ - display: true - logo: salescloud.png - name: SalesCloud Non-Profit - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Vnj9iPj1FJz4xTlco6XHLwM3oyRUO9iQ - vanity_url: - - /salesforcenonprofit - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: 54KBW3ESzKFfQws77PCXziJnPt0dYHE0 - display: false - logo: salescloud.png - name: Salesforce.com Dev Sandbox - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/54KBW3ESzKFfQws77PCXziJnPt0dYHE0 - - application: - authorized_groups: - - team_moco - - SecurityWiki - authorized_users: [] - client_id: js47vk5Ncr7Rv4SUyIyVBRXvlRSLrHVG - display: false - logo: auth0.png - name: Securitywiki - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/js47vk5Ncr7Rv4SUyIyVBRXvlRSLrHVG - - application: - authorized_groups: - - team_moco - - SecurityWiki - authorized_users: [] - client_id: OWVEwzt059vjws6mkQgGeqJChA4dBI70 - display: false - logo: auth0.png - name: Securitywiki-stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/OWVEwzt059vjws6mkQgGeqJChA4dBI70 - - application: - authorized_groups: - - mozilliansorg_snippets_admin - authorized_users: [] - client_id: A7GAcuN9gE9x3H186dKQgzS3jsV9Qmgp - display: true - logo: snippets.png - name: Snippets - op: auth0 - url: https://snippets-admin.mozilla.org/oidc/authenticate/ - - application: - authorized_groups: - - mozilliansorg_pocket_dataanalytics - authorized_users: [] - client_id: fTJMnRKzzEzw0nnfkLMv8lN1BaIrWBoz - display: false - logo: auth0.png - name: Snowflake - op: auth0 - url: https://cka72749.us-east-1.snowflakecomputing.com/ - - application: - authorized_groups: - - netops - - splunk_admin - - hris_dept_it - - team_infra - - team_secops - - team_opsec - authorized_users: [] - client_id: EUmKs3owmNdeDWxZ4CJIeSGM5ez3Suav - display: true - logo: splunk.png - name: Splunk - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/EUmKs3owmNdeDWxZ4CJIeSGM5ez3Suav - vanity_url: - - /splunk - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: dc50KcxGnMPBOSlE5QLYaDRmfrO7oXhq - display: true - logo: statuspage.png - name: StatusPage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/dc50KcxGnMPBOSlE5QLYaDRmfrO7oXhq - vanity_url: - - /statuspage - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: Wz5oO6y8oJ35Yq1B91aC4pkwlXdes7jR - display: false - logo: auth0.png - name: support.allizom.org:admin - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Wz5oO6y8oJ35Yq1B91aC4pkwlXdes7jR - - application: - authorized_groups: - - everyone - authorized_users: [] - client_id: a145ph7ZPSz97z8QkiuP1iId6MFPXXUH - display: false - logo: auth0.png - name: support.mozilla.org:admin - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/a145ph7ZPSz97z8QkiuP1iId6MFPXXUH - - application: - authorized_groups: - - team_moco - - team_mofo - - tableau_users - - moc_service_accounts - authorized_users: [] - client_id: J6oAK91WCqBLQjpG2v6U3yKyoN9FL13Q - display: true - logo: tableau.png - name: Tableau (dataviz.mozilla.org) - op: auth0 - url: https://dataviz.mozilla.org/ - vanity_url: - - /tableau - - application: - authorized_groups: - - team_moco - - team_mofo - - tableau_users - - moc_service_accounts - authorized_users: [] - client_id: P42x7zxtymbHLvBysEustI6nJWZmMmtq - display: false - logo: tableau.png - name: Tableau-staging - op: auth0 - url: https://dataviz.allizom.org/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 1db5KNoLN5rLZukvLouWwVouPkbztyso - display: false - logo: taskcluster.png - name: TaskCluster - op: auth0 - url: https://login.taskcluster.net - vanity_url: - - /taskcluster - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillajapan - - team_mozillaonline - - moc_service_accounts - authorized_users: - - moc+servicenow@mozilla.com - - moc-sso-monitoring@mozilla.com - client_id: TKqD0MP8sDeJAc9QC4f5yp2r9qbx5fcZ - display: true - logo: jsm.jpg - name: Jira Service Management - op: auth0 - url: https://mozilla-hub.atlassian.net/servicedesk/customer/portals - vanity_url: - - /thehub - - /servicenow - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: q8fZZFfGEmSB2c5uSI8hOkKdDGXnlo5z - display: true - logo: treeherder.png - name: Treeherder - op: auth0 - url: https://treeherder.mozilla.org - vanity_url: - - /treeherder - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: Hypn042D0cqtqET33nRrnqOwAcIXOqx6 - display: true - logo: workday.png - name: Workday - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Hypn042D0cqtqET33nRrnqOwAcIXOqx6 - vanity_url: - - /workday - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: kyeMyPALPK84A58vlOnb7lrCzAIFJapP - display: false - logo: workday.png - name: Workday - Preview - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/kyeMyPALPK84A58vlOnb7lrCzAIFJapP - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: pRwf1AWvIO5t4zyMsF8R18wtt1jfLp5o - display: false - logo: workday.png - name: Workday - Sandbox - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/pRwf1AWvIO5t4zyMsF8R18wtt1jfLp5o - - application: - authorized_groups: - - mozilliansorg_slack-access - - team_moco - - team_mofo - - team_mozillaonline - - hris_is_staff - authorized_users: [] - client_id: WXVdgVoCca11OtpGlK8Ir3pR9CBAlSA5 - display: true - logo: slack.png - name: Slack - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/WXVdgVoCca11OtpGlK8Ir3pR9CBAlSA5 - vanity_url: - - /slack - - application: - authorized_groups: - - team_pocket - - mozilliansorg_slack_pocket_access - authorized_users: [] - client_id: sZlNsFIG9f3vKrq9649Y7UxIyrmr8L7v - display: true - logo: slack.png - name: Slack Pocket - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/sZlNsFIG9f3vKrq9649Y7UxIyrmr8L7v - vanity_url: - - /slack-pocket - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: meBoR5vlD0kK0qeUXshNjOB1PbGKjsro - display: false - logo: auth0.png - name: Convercent - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/meBoR5vlD0kK0qeUXshNjOB1PbGKjsro?RelayState=https://app.convercent.com/ - vanity_url: - - /convercent - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: j8FN0DB6RwrlfLhX4opVAZ2tDYbBiMMU - display: false - logo: auth0.png - name: Convercent - Community - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/j8FN0DB6RwrlfLhX4opVAZ2tDYbBiMMU?RelayState=https://app.convercent.com/ - vanity_url: - - /convercentcommunity - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: i55sTCbmgUTkvHPW3SDueKlKbtPj5iRF - display: false - logo: auth0.png - name: OneTrust - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/i55sTCbmgUTkvHPW3SDueKlKbtPj5iRF - - application: - authorized_groups: - - netops - - team_infra - - team_moc - - team_opsec - - team_avops - - team_relops - - vpn_panorama - authorized_users: [] - client_id: z5zWsArYQgI63CEjMMtODh0DFtDr5oSz - display: true - logo: paloalto.png - name: Palo Alto Networks Panorama - op: auth0 - url: https://panorama.mozilla.net/ - - application: - authorized_groups: - - team_moco - - team_mofo - - cloudops_atmo_access - authorized_users: [] - client_id: 6GDrRrIYZuRRKLXXbucm4bO0eafK0AKN - display: false - logo: auth0.png - name: Analysis Telemetry - op: auth0 - url: https://analysis.telemetry.mozilla.org/ - - application: - authorized_groups: - - netops - - relops - - team_opsec - - team_moc - authorized_users: [] - client_id: GWhjnB7egp5hDryXeoD7OJRjHshWWQap - display: false - logo: auth0.png - name: Netops Gitlab - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/GWhjnB7egp5hDryXeoD7OJRjHshWWQap - - application: - authorized_groups: - - cis_whitelist - - team_moco - authorized_users: [] - client_id: BRMXeyw2avAOj7GgBD4SuIHxopb0yZJP - display: false - logo: auth0.png - name: Apache Test RP - op: auth0-dev - url: https://apache.testrp.security.allizom.org/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: FeqjZfpOqMIkcGKkd2fDjpnm5oSsOOZ2 - display: false - logo: auth0.png - name: AAL Low Test RP - op: auth0-dev - url: https://aai-low-social-ldap-pwless.testrp.security.allizom.org/ - - application: - authorized_groups: - - everyone - authorized_users: [] - client_id: mc1l0G4sJI2eQfdWxqgVNcRAD9EAgHib - display: false - logo: auth0.png - name: SSO Dashboard (Dev) - op: auth0-dev - url: https://sso.allizom.org/ - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: Q3z1fjeoZhGyws1IXDUc6rHdcYNpxTv8 - display: false - logo: auth0.png - name: PTO - op: auth0 - url: https://pto.mozilla.org/ - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: fNzzMG3XfkxQJcnUpgrGyH2deII3nFFM - display: true - logo: pto.png - name: PTO - op: auth0 - url: https://pto.mozilla.org/ - vanity_url: - - /pto - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - everyone - authorized_users: [] - client_id: VjJFa4EeFWd29pMnhyAk7AkGW2ids5UX - display: false - logo: auth0.png - name: Desk - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/VjJFa4EeFWd29pMnhyAk7AkGW2ids5UX - vanity_url: - - /desk - - application: - authorized_groups: - - hris_costcenter_1420 - - vpn_opsec_mozdef - - team_secops - - team_opsec - authorized_users: [] - client_id: PSCl3uIPg5IT2GaiOcAIJprYK7iBK32r - display: true - expire_access_when_unused_after: 7776000 - logo: mozdef.png - name: Mozilla Defense Platform - op: auth0 - url: https://mozdef.infosec.mozilla.org/ - - application: - authorized_groups: - - hris_costcenter_1420 - - vpn_opsec_mozdef - - vpn_opsec_mozdefqa - authorized_users: [] - client_id: Dj0vncaBmaHn1zxzRc1cuFQIBxD0YSGp - display: false - expire_access_when_unused_after: 7776000 - logo: mozdef.png - name: Mozilla Defense Platform QA - op: auth0 - url: https://qa1.mozdef.infosec.mozilla.org/ - - application: - authorized_groups: - - hris_costcenter_1420 - - vpn_opsec_mozdef - - vpn_opsec_mozdefqa - authorized_users: [] - client_id: JN8CMx02E4xoohapKc9l0VrWm8YdrLDV - display: false - expire_access_when_unused_after: 7776000 - logo: mozdef.png - name: Mozilla Defense Platform QA 2 - op: auth0 - url: https://qa2.mozdef.infosec.mozilla.org/ - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: t1KWNQt71oskeip2KCu9j0KhwJJbBkig - display: false - logo: auth0.png - name: Xmatters Stage - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/t1KWNQt71oskeip2KCu9j0KhwJJbBkig - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: uMkOuQX8LGTxAyYIiX4eLoc4hl0pWSJt - display: false - logo: auth0.png - name: Xmatters - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/uMkOuQX8LGTxAyYIiX4eLoc4hl0pWSJt - - application: - authorized_groups: - - aws_320464205386_admin - authorized_users: ['hcondei@mozilla.com'] - client_id: nlE73wPPuOaN0wAYKWY6QD3VcjUStehZ - display: false - logo: auth0.png - name: IAM Grafana - op: auth0 - url: https://grafana.infra.iam.mozilla.com/login/generic_oauth - vanity_url: - - /iam-grafana - - application: - authorized_groups: - - mozilliansorg_nda - - team_moco - - team_mofo - authorized_users: - - mozboxadmin@mozilla.com - - servicedesk@mozilla.com - client_id: yCKLKXrrkigZwoQ9d6xzmE5NuvVW0oBj - display: false - logo: auth0.png - name: Box - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/yCKLKXrrkigZwoQ9d6xzmE5NuvVW0oBj - vanity_url: - - /box - - application: - authorized_groups: - - service_airtable - authorized_users: [] - client_id: mKlNDH9c7JKO1Rh3HtGXdTtLntTlHefx - display: true - logo: airtable.png - name: AirTable - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/mKlNDH9c7JKO1Rh3HtGXdTtLntTlHefx - vanity_url: - - /airtable - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: ChKEapjEYTPx0T1b5QP01WhAeP8ymRJ7 - display: false - logo: auth0.png - name: admin.readitlater.com - op: auth0 - url: https://admin.readitlater.com - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: - - billing@mozilla.com - display: true - logo: expensify.png - name: Expensify - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/adMlV8Ud0Z77GLfsaa4fb4oQj8ggf0ws - vanity_url: - - /expensify - - application: - authorized_groups: - - mozilliansorg_gcp-infrastructure-production - - service_meao_gcp - authorized_users: [] - client_id: uYFDijsgXulJ040Os6VJLRxf0GG30OmC - display: true - logo: gmail.png - name: GCP Infrastructure - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/uYFDijsgXulJ040Os6VJLRxf0GG30OmC?RelayState=https://console.cloud.google.com/ - vanity_url: - - /gcp - - application: - AAL: LOW - authorized_groups: - - mozilliansorg_event-super-admins - - mozilliansorg_event-program-managers - - mozilliansorg_event-program-leads - - mozilliansorg_event-analysts - - mozilliansorg_event-event-tech - authorized_users: [] - client_id: mwPj23OAUISYVlG5VxW0xI3qSY6OKMON - display: true - logo: events.jpg - name: Events - op: auth0 - url: https://splashthat.com/users/oauth/1257 - vanity_url: - - /events - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - - zoom_non_staff - - mozilliansorg_community-zoom - authorized_users: [] - client_id: TnqNECyCfoQYd1X7c4xwMF4PMsEfyWPj - display: true - logo: zoom.png - name: Zoom - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/TnqNECyCfoQYd1X7c4xwMF4PMsEfyWPj - vanity_url: - - /zoom - - application: - authorized_groups: - - atlassian_forge - authorized_users: [] - client_id: ghFZnGJkgwTIqbs5yDn4vCnrLx3UWmaF - display: false - logo: auth0.png - name: Atlassian Forge - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/ghFZnGJkgwTIqbs5yDn4vCnrLx3UWmaF - - application: - authorized_groups: - - service_surveymonkey - authorized_users: [] - client_id: LS57OeRbl164EPk39as1TQJ3QbiMuX5M - display: false - logo: auth0.png - name: SurveyMonkey - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/LS57OeRbl164EPk39as1TQJ3QbiMuX5M - vanity_url: - - /surveymonkey - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: jijaIzcZmFCDRtV74scMb9lI87MtYNTA - display: false - logo: auth0.png - name: mozillians.org Verification Client - op: auth0 - url: https://mozillians.org/verify/identity/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: t9bMi4eTCPpMp5Y6E1Lu92iVcqU0r1P1 - display: false - logo: auth0.png - name: mozillians.org Verification Client Staging - op: auth0 - url: https://web-mozillians-staging.production.paas.mozilla.community/verify/identity/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: HvN5D3R64YNNhvcHKuMKny1O0KJZOOwH - display: false - logo: auth0.png - name: https://web-mozillians-staging.production.paas.mozilla.community -- account - verification client - op: auth0-dev - url: https://web-mozillians-staging.production.paas.mozilla.community/verify/identity/callback/ - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: tU9fTz20E17hlFVo2DViKtDLABzVxrir - display: true - logo: alchemer.png - name: Alchemer - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/tU9fTz20E17hlFVo2DViKtDLABzVxrir - vanity_url: - - /alchemer - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 64Ud5s4qJ3GgFZQ2rUG2D4Fod0lYoUu0 - display: true - logo: concur.png - name: Concur - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/64Ud5s4qJ3GgFZQ2rUG2D4Fod0lYoUu0 - vanity_url: - - /concur - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: iz2qSHo0lSv2nRZ8V3JnOESX5UR4dcpX - display: false - logo: auth0.png - name: Navex - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/iz2qSHo0lSv2nRZ8V3JnOESX5UR4dcpX - vanity_url: - - /navex - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 1tAZ7tyiARXodCaLoy38jYmzKLqjyDX8 - display: false - logo: auth0.png - name: confluence.mozilla-community.org - op: auth0 - url: https://confluence.mozilla-community.org/plugins/servlet/samlsso - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 7RvvmjstmMm93e1eVimyRElqv8vjrEJC - display: false - logo: auth0.png - name: mcws.wpengine.com - op: auth0 - url: https://wpengine.mcws.mozilla.community/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 7wyIItkJX4t7vYEaDmGrwP9k2fBh5qWP - display: false - logo: auth0.png - name: prod.testrp.security.allizom.org - op: auth0 - url: https://prod.testrp.security.allizom.org/redirect_uri - - application: - AAL: MEDIUM - authorized_groups: - - everyone - authorized_users: [] - client_id: 8J731AkHnZXviXJWzM2kdQTENMJMSVNI - display: false - logo: auth0.png - name: jenkins.services.mozilla.community - op: auth0 - url: https://jenkins.services.mozilla.community/redirect_uri - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 9LGw821wb6hHd30HZWMy3eBE3JMtuDLs - display: false - logo: auth0.png - name: taskcluster demo - http://localhost:5050/ - op: auth0 - url: http://localhost:5050/login - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: 9sl5SW42wjikqzf9DXZSxzD8BHPf456e - display: false - logo: auth0.png - name: air-dev.allizom.org - op: auth0 - url: https://air-dev.allizom.org/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: CPnG4kKY6vWH39q2adBEyxFRAE0lO7bm - display: false - logo: auth0.png - name: opensource.mozilla.community - localhost - op: auth0 - url: http://localhost:8080/oidc/callback - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: DVvwftNuKq4miIQ0HDy7YqlkfilCAuLp - display: false - logo: auth0.png - name: crash-stats - localhost - op: auth0 - url: http://localhost:8000/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: FQw134gwheaK3KkW6fQf0JPV6P7h2yo1 - display: false - logo: auth0.png - name: https://web-mozillians-staging.production.paas.mozilla.community - op: auth0 - url: https://web-mozillians.dinopark.infra.iam.mozilla.com/oidc/callback/ - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: mC9OzwCHicAsokpRyJt468BTlO8bl5C4 - display: false - logo: auth0.png - name: https://web-mozillians.dinopark.infra.iam.mozilla.com/beta/ - op: auth0 - url: https://web-mozillians.dinopark.infra.iam.mozilla.com/beta/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: Hg3vUmTAlI2sFXR6Z4cy0Lm1hgKRapf6 - display: false - logo: auth0.png - name: pulseguardian.mozilla.org - op: auth0 - url: https://pulseguardian.mozilla.org/auth/callback - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: M9OoQEQVR0M1qtyGvPql3ZDi4T7XMQEA - display: false - logo: auth0.png - name: tools.taskcluster.net - op: auth0 - url: https://tools.taskcluster.net/login/auth0 - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: NI6D4Rk4QCZIlLOBKmTtPvrz5CyMBm23 - display: false - logo: auth0.png - name: web-remo-staging.production.paas.mozilla.community - op: auth0 - url: https://web-remo-staging.production.paas.mozilla.community/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: OwbZj5f5NnK161LTtOVshM131Nf6jWBe - display: false - logo: auth0.png - name: https://respond.mozilla.community - op: auth0 - url: https://respond.mozilla.community/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: cav8o4za5QGMXilUEjglH9cgJpQl33Ck - display: false - logo: auth0.png - name: moderator.mozilla.org - op: auth0 - url: https://moderator.mozilla.org/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: SSG7PVY70x785oW1noHJZi1Ck2wzdlyM - display: false - logo: auth0.png - name: taskcluster-tools.ngrok.io/oidc-login - op: auth0 - url: https://taskcluster-tools.ngrok.io/oidc-login - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: StXJySdOLGiWbnnmUGTC5zRGDymFSBO1 - display: false - logo: auth0.png - name: https://github.com/comzeradd/auth0-python-web-app - op: auth0 - url: http://127.0.0.1:8000/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: Tpd4uL15gBCjbypCYERVffaCuDx7hFPc - display: false - logo: auth0.png - name: discourse-localhost-development-leo-mcardle - op: auth0 - url: http://localhost:3000/auth/auth0/callback - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: U4mXW5E6cfBqLziVewwkxApHGFNPA2pI - display: false - logo: auth0.png - name: jira.mozilla-community.org - op: auth0 - url: https://jira.mozilla-community.org/plugins/servlet/samlsso - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: UCOY390lYDxgj5rU8EeXRtN6EP005k7V - display: false - logo: auth0.png - name: sso.mozilla.com - op: auth0 - url: https://sso.mozilla.com/redirect_uri - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: YwL6bJ8mXFiCplWbMLaX2fqu715rKP8u - display: false - logo: auth0.png - name: voice.mozilla.org - op: auth0 - url: https://voice.mozilla.org/callback - - application: - AAL: MEDIUM - authorized_groups: - - team_moco - - team_mofo - - mozilliansorg_nda - - mozilliansorg_dinopark-dev - authorized_users: [] - client_id: ZShocyal5HnbTYs7CH0rwytjTJGMFsav - display: false - logo: auth0.png - name: https://dinopark.k8s.dev.sso.allizom.org - op: auth0 - url: https://dinopark.k8s.dev.sso.allizom.org/redirect_uri - - application: - AAL: MEDIUM - authorized_groups: - - mozilliansorg_dinopark-test - authorized_users: [] - client_id: 7oxEfEV2QSSKQ5MhMuKJYHF9hkATHdls - display: false - logo: auth0.png - name: https://dinopark.k8s.test.sso.allizom.org - op: auth0 - url: https://dinopark.k8s.test.sso.allizom.org/redirect_uri - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: o2e391VjmnPk0115UedNTmRL8x2nySOa - display: true - logo: people.png - name: Mozilla People Directory - op: auth0 - url: https://people.mozilla.org - vanity_url: - - /phonebook - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: aDL5o9SZRaYTH5zzkGntT4l76qydMbZe - display: false - logo: auth0.png - name: sso.allizom.org - op: auth0 - url: http://localhost:5000/redirect_uri - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: aJc4zjynRegTcrrxjB7PqV8lb9FdAVBr - display: false - logo: auth0.png - name: discourse-staging.production.paas.mozilla.community - op: auth0 - url: https://discourse-staging.production.paas.mozilla.community/auth/auth0/callback - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: c4j1TRdnJPdkFGJoEsU5LtL3ltPC5QyU - display: false - logo: auth0.png - name: www.standu.ps - op: auth0 - url: https://www.standu.ps/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: lDyt2V0UvWdXsWj4lgcENLZ10E6TJ0Yt - display: false - logo: auth0.png - name: pulseguardian-dev.herokuapp.com - op: auth0 - url: https://pulseguardian-dev.allizom.org:5000/redirect_uri - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: fOrASkloZehth1DIMcHr2or37gyr74Kk - display: false - logo: auth0.png - name: moderator-stage.itsre-apps.mozit.cloud - op: auth0 - url: https://moderator-stage.itsre-apps.mozit.cloud/oidc/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: t6K0dg86KPvhkIgFAFz1CyC6reG8UV21 - display: false - logo: auth0.png - name: voice.allizom.org - op: auth0 - url: http://localhost:9000/callback - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: w5mW5ZufRCWg6metsZ7hMckSH5s3b1Cq - display: false - logo: auth0.png - name: air.allizom.org - op: auth0 - url: https://air.allizom.org/authentication/callback/ - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: wBrqQY7k2sCNWQTeBLl4B6nDEDOesXG9 - display: false - logo: auth0.png - name: mozillastaging.wake.com - op: auth0 - url: https://mozillastaging.wake.com/saml2/acs - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: ytxE7FfAMnFOXw3bF7SgKv6PwklueYUW - display: false - logo: auth0.png - name: appsvcs-generic.nubis.allizom.org - op: auth0 - url: https://sso.admin.us-west-2.appsvcs-generic.nubis.allizom.org/sso - - application: - authorized_groups: - - service_simplemdm - authorized_users: [] - client_id: 2X4EmanmPDfF3oRKS4Ex2sopZ2NsfLQU - display: false - logo: auth0.png - name: SimpleMDM - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/2X4EmanmPDfF3oRKS4Ex2sopZ2NsfLQU - vanity_url: - - /simplemdm - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: P5kUBn21KQ5m8IRMdNFONg17dJ9qTrlP - display: false - logo: auth0.png - name: InfluxData - op: auth0 - url: https://hillvalley-b40313e5.influxcloud.net - - application: - authorized_groups: - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: AJBSCa58Vu3bi1OiL30s2yCTXUkBj6KR - display: false - logo: auth0.png - name: Sotrar - op: auth0 - url: https://sotrar.mozilla.community - vanity_url: - - /sotrar - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: DGloMN2BXb0AC7lF5eRyOe1GXweqBAiI - display: false - logo: auth0.png - name: Bugzilla Management Dashboard - op: auth0 - url: https://bugzilla-management-dashboard.netlify.com/ - - application: - authorized_groups: - - team_services_ops - - balrog - authorized_users: [] - client_id: BXaDyWq2F0MNWc56hTxVnM0SkMBXMG0d - display: true - logo: balrog.png - name: Balrog - op: auth0 - url: https://aus4-admin.mozilla.org - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: zk9N7LU2ihMIy0bwlGd7GfRVXDKsGQjI - display: false - logo: auth0.png - name: Zendesk - mozilladev - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/zk9N7LU2ihMIy0bwlGd7GfRVXDKsGQjI - - application: - authorized_groups: - - team_pocket - authorized_users: [] - client_id: IJfd6g73V42fh6LHW6leFdQO7jR0A8of - display: true - logo: jira.png - name: getpocket.atlassian.net - op: auth0 - url: https://getpocket.atlassian.net/ - vanity_url: - - /pocket-jira - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: 31dwqlImDXaTqW7m8E0YY5CN16ZLf72Q - display: false - logo: auth0.png - name: Crashplan - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/31dwqlImDXaTqW7m8E0YY5CN16ZLf72Q - vanity_url: - - /crashplan - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: 2dbkrvUJa5gnxGSnMLZ1jflbtrahhrEi - display: false - logo: trello.png - name: Trello - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/2dbkrvUJa5gnxGSnMLZ1jflbtrahhrEi - vanity_url: - - /trello - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: WuFEV87Q4or1WlncXR3WRgcbD1oceeme - display: false - logo: auth0.png - name: Experimenter - op: auth0 - url: https://experimenter.services.mozilla.com - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Lh20PL4WfuZRoZ45dCW0PbnTN8wqN8fd - display: false - logo: auth0.png - name: webcompat-kibana.herokuapp.com - op: auth0 - url: https://webcompat-kibana.herokuapp.com - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_non-moco-sheriffs-basic - authorized_users: [] - client_id: jGx4Z2JTWsgQWiBmvrCNbe5WXAfMivzb - display: false - logo: auth0.png - name: earthangel-b40313e5.influxcloud.net - op: auth0 - url: https://earthangel-b40313e5.influxcloud.net - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: WLQrmFTcXlSDelnxOASZ4KJQTE5gXZFt - display: false - logo: auth0.png - name: dev.sumo.moz.works - op: auth0 - url: https://dev.sumo.moz.works - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: dWcDz6ZYNuevquzzvAgRYOgBZLxY0ucx - display: false - logo: auth0.png - name: normandy-admin.prod.mozaws.net - op: auth0 - url: https://delivery-console.prod.mozaws.net/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: k3JF93rR1HI7O2HEndhCI0p1ZyBhhMCr - display: false - logo: auth0.png - name: wpt.stage.mozaws.net - op: auth0 - url: https://wpt.stage.mozaws.net/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: OlwWsXslbA9wk5lQOHUDIUSrtIFTauTy - display: false - logo: auth0.png - name: metrics.mozilla.com/protected - op: auth0 - url: https://metrics.mozilla.com/protected - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: m6x0phAu4rq4imC6f6gRYaGmQgStCdlG - display: false - logo: auth0.png - name: strategy-and-insights.mozilla.com - op: auth0 - url: https://strategy-and-insights.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: 7YTXsNQhLSiNsXPtDdXdvryD5dN30DEb - display: false - logo: auth0.png - name: mozilla-private.report - op: auth0 - url: https://reports-dev.telemetry.mozilla.org/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: UR9C6jNpAxXBv0bEnzDsHGUQAEyasre2 - display: false - logo: auth0.png - name: data-iodide.stage.mozaws.net - op: auth0 - url: https://data-iodide.stage.mozaws.net/oidc/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: wC5AsSzi8BbDHHDDieRjU3mcpEeTVcwj - display: false - logo: auth0.png - name: grafana.telemetry.mozilla.org - op: auth0 - url: https://grafana.telemetry.mozilla.org/login/generic_oauth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: dVL10G8KVJymQ6Tx6naRZRbX6L8rhO1E - display: false - logo: auth0.png - name: stage.grafana.nonprod.dataops.mozgcp.net - op: auth0 - url: https://stage.grafana.nonprod.dataops.mozgcp.net/login/generic_oauth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 7jfouvibRlddw49I8prbSl2xrxKXwwoh - display: false - logo: auth0.png - name: activedata-private.devsvcdev.mozaws.net - op: auth0 - url: https://activedata-private.devsvcdev.mozaws.net/openidc/logout - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: R04ouRZsRnbVXztgFEA0ZdNUia6WMFa1 - display: false - logo: auth0.png - name: activedata-private.devsvcstage.mozaws.net - op: auth0 - url: https://activedata-private.devsvcstage.mozaws.net/openidc/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 8udOeshOuK7LREPL0G5Z9n2mY4expDLx - display: false - logo: auth0.png - name: activedata-private.devsvcprod.mozaws.net - op: auth0 - url: https://activedata-private.devsvcprod.mozaws.net/openidc/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 33XOsgKlENOSLXLtRv7Vb65v38plFwlg - display: false - logo: auth0.png - name: Logging 2.0 CEP Stage - op: auth0 - url: https://logging-cep.stage.mozaws.net/dashboard_output/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: l7kCqo8U1Ka2ZtlE85Dmy2a8Ic1I8y7H - display: false - logo: auth0.png - name: bacula1.private.mdc1.mozilla.com - op: auth0 - url: https://bacula1.private.mdc1.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: EtCJe9m2NFGF4TO0kIfPoT7gQqTKU0DE - display: false - logo: auth0.png - name: Foreman - op: auth0 - url: https://foreman.private.mdc1.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: MmT719PU6y84GsRkym00nVvVHi2y5hPa - display: false - logo: auth0.png - name: testwebapp.private.mdc1.mozilla.com - op: auth0 - url: https://testwebapp.private.mdc1.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Hi9rqHLPlnpRfMkc7dtkToFc3DHtcf4Z - display: false - logo: auth0.png - name: rundeck1.private.scl3.mozilla.com - op: auth0 - url: https://rundeck1.private.scl3.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: hIjZmDmmtkKuaOjmhd5HUzn0ResPDeqX - display: false - logo: auth0.png - name: wde.allizom.org - op: auth0 - url: https://wde-stage.public.mdc1.mozilla.com/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 1QcjRY2UEYySI79IqorH94Td590oqXSA - display: false - logo: auth0.png - name: admin.readitlater.localhost - op: auth0 - url: http://admin.readitlater.localhost/auth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - vpn_cloudops_shipit - authorized_users: [] - client_id: 4u5EiGAICaWFmsyWamVaN1D4f4P6MlR0 - display: false - logo: auth0.png - name: shipit.staging.mozilla-releng.net - op: auth0 - url: https://shipit.staging.mozilla-releng.net/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: XwWBobhe6XlQrngdct8sEdLFAgsW89yB - display: false - logo: auth0.png - name: serviceapi.security.allizom.org - op: auth0 - url: https://serviceapi.security.allizom.org/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: 462AVvm5b1GOLD0z7Gao0Eje24aF3Kz0 - display: false - logo: auth0.png - name: mozilla-dev.metricinsights.com - op: auth0 - url: https://mozilla-dev.metricinsights.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: xTQ9ithTGuqzB0MaPkafbj3Q6HTE2vM0 - display: false - logo: auth0.png - name: hasal-server.ateam.tpe1.mozilla.com - op: auth0 - url: http://hasal-server.ateam.tpe1.mozilla.com:8080/securityRealm/finishLogin - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: bSCGkqkGbQPAuIDt0kYqmnhimlkh2kwH - display: false - logo: auth0.png - name: atmo.stage.mozaws.net - op: auth0 - url: https://atmo.stage.mozaws.net/oidc/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: m772guBT5bEt60OCg4l11NbwDbOX2SLm - display: false - logo: auth0.png - name: nubis-market.nubis.allizom.org - op: auth0 - url: https://sso.admin.us-west-2.nubis-market.nubis.allizom.org/sso - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_project-link-aws-admin - - mozilliansorg_searchfox-aws # https://bugzilla.mozilla.org/show_bug.cgi?id=1677158 - authorized_users: [] - client_id: N7lULzWtfVUDGymwDs0yDEq6ZcwmFazj - display: false - logo: auth0.png - name: AWS Federated CLI - op: auth0 - url: http://localhost:10800/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: hGFkZoxf7dzKy3PIsT7w2XTBQOhb3ZK0 - display: false - logo: auth0.png - name: testwebapp.allizom.org - op: auth0 - url: https://testwebapp.allizom.org/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: IVq10RLJgYIQX9Mzzr0hPhDkyix6kZQb - display: false - logo: auth0.png - name: wpt.dev.mozaws.net - op: auth0 - url: https://wpt.dev.mozaws.net/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: W3SoWmYcqvP2Yms14s5VTeUFCZmBOJPT - display: false - logo: auth0.png - name: ldapadmin1.private.mdc1.mozilla.com/phpldapadmin - op: auth0 - url: https://ldapadmin1.private.mdc1.mozilla.com/mellon/postResponse - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Zs6FFIXPUstFKpzBau4cRQ1aFBx4dKBR - display: false - logo: auth0.png - name: screenshots-admin.services.mozilla.com - op: auth0 - url: https://screenshots-admin.services.mozilla.com/openid/callback/login/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: iQwPHkpTw1RmbYe6ov2qFMfxbVN7DOB7 - display: false - logo: auth0.png - name: normandy-admin.stage.mozaws.net - op: auth0 - url: https://normandy-admin.stage.mozaws.net/auth/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: L0Eq6oW30PeB6mYt8NlsaZ2WqC9sj40n - display: false - logo: auth0.png - name: stage-pto.mozilla.com.tw - op: auth0 - url: https://stage-pto.mozilla.com.tw/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: albdy7m1X0YqdKEYx6qiJ9dKfg4ousn0 - display: false - logo: auth0.png - name: Logging 2.0 CEP Data - op: auth0 - url: https://logging-cep.data.mozaws.net/dashboard_output/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: N3GRGrtTfNehZYvC3vWVUgd7Rk9F2Opb - display: false - logo: auth0.png - name: panorama.mdc1.mozilla.net - op: auth0 - url: https://panorama.mdc1.mozilla.net:443/SAML20/SP/ACS - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: 725CWQLZ1oOt8XEnjsMvjYkZMZna2Y1V - display: false - logo: auth0.png - name: mozilla-stg.metricinsights.com - op: auth0 - url: https://mozilla-stg.metricinsights.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 0igrKwGTBpqNHUhPMikxMwjOrZfmzaRh - display: false - logo: auth0.png - name: https://data-stmo-rc.stage.mozaws.net - op: auth0 - url: https://data-stmo-rc.stage.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 29t2n3LKKnyTbGtWmfTkQpau0mp7QmMH - display: false - logo: auth0.png - name: bz-dev-stats-localhost - op: auth0 - url: http://localhost:5080/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: n0L5J2H8fk5T4G7Ma4Ke75Hc6Be5hsRV - display: false - logo: auth0.png - name: kinto-writer.stage.mozaws.net - op: auth0 - url: https://kinto-writer.stage.mozaws.net/v1/admin/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 3a6sbM3CfbTQ8YkZ4wW7YpOdNN5NX4Hb - display: false - logo: auth0.png - name: lando.devsvcdev.mozaws.net - op: auth0 - url: https://lando.devsvcdev.mozaws.net/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 47BCiKGMwpCH5K7IzmJ1DjrHSo82krNs - display: false - logo: auth0.png - name: lando.devsvcstage.mozaws.net - op: auth0 - url: https://lando.devsvcstage.mozaws.net/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: XMAlQpd3P8y34lZF2EvgdNkNxWIP3KD2 - display: false - logo: auth0.png - name: Safari - op: auth0 - url: https://safarijv.auth0.com/login/callback?connection=Mozilla - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: VEVkmAppSLa3zc9VRhjkDJPwNSs6Zy7B - display: false - logo: auth0.png - name: screenshots-admin-default.stage.mozaws.net - op: auth0 - url: https://screenshots-admin-default.stage.mozaws.net/openid/callback/login/ - - application: - authorized_groups: - - team_mozillaonline - - mozilliansorg_stmo_nda - - stmo_nda - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: rgE6x7G6X1i3TjOy43qYG8vbcyKtcN6E - display: false - logo: auth0.png - name: sql.telemetry.mozilla.org - op: auth0 - url: https://sql.telemetry.mozilla.org/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: LNPKbJGoCqEBuCtIZIoJg08V4QtNzfYJ - display: false - logo: auth0.png - name: graphite-mdc1.mozilla.org - op: auth0 - url: https://graphite-mdc1.mozilla.org/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: a8153qZo1lnReZ3hj3ZCmP8YMzArrHqU - display: false - logo: auth0.png - name: sumo-dev.frankfurt.moz.works - op: auth0 - url: https://sumo-dev.oregon-b.moz.works/oidc/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 1KN7o6GO88DyTLHW5WlsMm5V3qNRv7Ac - display: false - logo: auth0.png - name: jenkins.ops.iam.mozilla.com - op: auth0 - url: https://jenkins.ops.iam.mozilla.com/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: nIqcS6cAGY2WRA5466YngH44T4xrrvCt - display: false - logo: auth0.png - name: tenable.io - op: auth0 - url: https://cloud.tenable.com/saml/login/53fcab98-7475-4f21-bfba-a082908ca4f4 - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_shipit_devs - authorized_users: [] - client_id: FK1mJkHhwjulTYBGklxn8W4Fhd1pgT4t - display: false - logo: auth0.png - name: mozilla-releng.net - localhost - op: auth0 - url: https://localhost:8010/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: btcSD131nsA7Mv1g01U535XPRG3qdNFp - display: false - logo: auth0.png - name: experimenter.dev.mozaws.net - op: auth0 - url: https://experimenter.dev.mozaws.net/openid/callback/login/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - statuspage_service_accounts - authorized_users: [] - client_id: KqlGE124Mr21HFF3GwSlxEkOHlrX9EG6 - display: false - logo: auth0.png - name: manage.statuspage.io - op: auth0 - url: https://manage.statuspage.io/sso/saml/consume - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - vpn_cloudops_shipit - authorized_users: [] - client_id: 2dXygwTNP3p7iLTSaEWbdoiJFkjSBqm4 - display: false - logo: auth0.png - name: shipit.mozilla-releng.net - op: auth0 - url: https://shipit.mozilla-releng.net/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: - - billing@mozilla.com - client_id: 6BLpfXP845A8yris7DaPST25HycC7l2u - display: false - logo: auth0.png - name: Expensify (getpocket.com) - op: auth0 - url: https://www.expensify.com/authentication/saml/loginCallback?domain=getpocket.com - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 5tkbwIFZqYLtZtFIDki6Nqpt8GHUzZ2J - display: false - logo: auth0.png - name: peaceful-stream-36350.herokuapp.com - op: auth0 - url: https://peaceful-stream-36350.herokuapp.com/redirect_url - - application: - authorized_groups: - - mozilliansorg_snippets_admin - authorized_users: [] - client_id: a6jCoSzt99DFySdC3qvP5oSpYcEEOsvT - display: false - logo: auth0.png - name: Snippets Stage - op: auth0 - url: https://snippets.allizom.org/oidc/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: M4TY5gZQ6nUyMIjWpXWFffRJ9pD3qPb2 - display: false - logo: auth0.png - name: https://nhobot.ngrok.io - op: auth0 - url: https://nhobot.ngrok.io/callback/auth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: d8fRO14gY7fhl54HU1yDemdJxJMTIV5Q - display: false - logo: auth0.png - name: Atlassian Access - op: auth0 - url: https://auth.atlassian.com/login/callback?connection=saml-094a4f90-c6c4-4741-bfb1-17535bd11e28 - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: rrXGZ6x7J4MIWWlQ6zhTzgED2GxIsHCv - display: false - logo: auth0.png - name: pentest-master.private.mdc1.mozilla.com - op: auth0 - url: https://pentest-master.private.mdc1.mozilla.com/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: s7ICwWzGSP8WRnAkAMpIjDyayaEIOneU - display: false - logo: auth0.png - name: pto.mozilla.com.tw - op: auth0 - url: https://pto.mozilla.com.tw/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: AmqnIoKbdd59LaI4wt0pOPkuUHeMchJf - display: false - logo: auth0.png - name: Logging 2.0 CEP Devsvcprod - op: auth0 - url: https://logging-cep.devsvcprod.mozaws.net/dashboard_output/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 6BFjR5hArHbV7dzyUy2VYmnXCV5B0pdo - display: false - logo: auth0.png - name: https://anb1.fuzzing.mozilla.org/ - op: auth0 - url: https://anb1.fuzzing.mozilla.org/oidc/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - statuspage_service_accounts - authorized_users: [] - client_id: qpmqtLlYhXKdezJK22j1zmML6cCLuvUg - display: false - logo: auth0.png - name: firefoxoperations.statuspage.io - op: auth0 - url: https://manage.statuspage.io/sso/saml/consume - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: amWBDrIIzlk2pyjgCyLruw0n9wplzUlm - display: false - logo: auth0.png - name: bacula1.private.scl3.mozilla.com - op: auth0 - url: https://bacula1.private.scl3.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Ef6czTFBKvTUR3FW08tYobaMGEnk9bzB - display: false - logo: auth0.png - name: DAM (NetX) - op: auth0 - url: https://mozilla.netx.net/SSO - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: ov4iTFaVzWnvGme0x7FmRarIvu10I08M - display: false - logo: auth0.png - name: ds-dashboard.data.mozaws.net - op: auth0 - url: https://ds-dashboard.data.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: rvidaekCvn75vjMcDiBGz2lsmQLDuoou - display: false - logo: auth0.png - name: mozilla.vidyocloud.com - op: auth0 - url: https://mozilla.vidyocloud.com/saml/SSO/alias/Mozilla - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: xZWh7NZy5TB6IZ7hFPTIfL0Q0XqAW7st - display: false - logo: auth0.png - name: pipeline-sql.stage.mozaws.net - op: auth0 - url: https://pipeline-sql.stage.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 5Z2yOkD1vAU6wAKX3mkFEwBWK8kBBpJD - display: false - logo: auth0.png - name: Logging 2.0 CEP Dev - op: auth0 - url: https://logging-cep.dev.mozaws.net/dashboard_output/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: K3ZolIlVbVH41tI9czWdQaPAHWriGx92 - display: false - logo: auth0.png - name: bacula1.private.mdc2.mozilla.com - op: auth0 - url: https://bacula1.private.mdc2.mozilla.com/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: F1VVD6nRTckSVrviMRaOdLBWIk1AvHYo - display: false - logo: auth0.png - name: sccache native PKCE - op: auth0 - url: http://localhost:12731/redirect - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: dXTkbChUpSCKkj3YpY4KxpZ0iYg0tkNy - display: false - logo: auth0.png - name: experimenter-app.dev.mozaws.net - op: auth0 - url: https://experimenter-app.dev.mozaws.net/openid/callback/login/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: saSz4srpJGtdSMS62v47Xb2FOQtT2xBF - display: false - logo: auth0.png - name: Duo Administration (https://duo.com) - op: auth0 - url: https://admin-4b043da5.duosecurity.com/saml/DATQ3O9LT3AC6HZHTURB/acs - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: hU1YpGcL82wL04vTPsaPAQmkilrSE7wr - display: false - logo: auth0.png - name: normandy.dev.mozaws.net - op: auth0 - url: https://normandy.dev.mozaws.net/auth/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: teqIfOHtaidNWTa79bt7VJwf2Trr3ALQ - display: false - logo: auth0.png - name: settings-writer.prod.mozaws.net - op: auth0 - url: https://settings-writer.prod.mozaws.net/v1/admin/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: e1g4q4s7Q2Jos5XOt6pyHVA9JH4G3xjJ - display: false - logo: auth0.png - name: Nagios - op: auth0 - url: https://nagios3.private.scl3.mozilla.com/scl3 - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: zw5M6MyDDixeSXQR2XiDZz46hSOKIHhr - display: false - logo: auth0.png - name: Salesforce Marketing Cloud (test) - op: auth0 - url: https://auth.test.exacttarget.com/Shibboleth.sso/SAML2/POST - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: q0tFB9QyFIKqPOOKvkFnHMj2VwrLjX46 - display: false - logo: auth0.png - name: Google (test.mozilla.com) - op: auth0 - url: https://www.google.com/a/test.mozilla.com/acs - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: vgDriXO3k0LThShbbJUfgl23uAT2MKBp - display: false - logo: auth0.png - name: https://fuzzmanager.fuzzing.mozilla.org/ - op: auth0 - url: https://fuzzmanager.fuzzing.mozilla.org/oidc/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: m35Bq2g6bRV37rs3cGa4UBR0qNI3IBKR - display: false - logo: auth0.png - name: mozillauvd.vidyocloudstaging.com - op: auth0 - url: https://mozillauvd.vidyocloudstaging.com/saml/SSO/alias/MozillaUVD - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: - - iris-testing@mozilla.com - client_id: 383wZyKOqULjvIJnA4Njz04lztkmxKjf - display: false - logo: auth0.png - name: auth0proxy.stage.mozaws.net - op: auth0 - url: https://auth0proxy.stage.mozaws.net/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: TTPiEfB9nU0DxzvFxCrj2HYmCtLP1NR3 - display: false - logo: auth0.png - name: Logging 2.0 CEP Prod - op: auth0 - url: https://logging-cep.prod.mozaws.net/dashboard_output/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: y2cZ14lTdsMjJdjmUNQ3PaLDrBCNJUZl - display: false - logo: auth0.png - name: localhost:5000 - Marty Ballard - op: auth0 - url: http://localhost:5000/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: BDRmLMBwmCqyBsL52IuQW8wLBLoLSBWo - display: false - logo: auth0.png - name: wde.mozilla.org - op: auth0 - url: https://wde.mozilla.org/redirect_uri - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: LdGd1MOIwHD7flZjj5OuQlzGVAyakGvj - display: false - logo: auth0.png - name: Firefox Test Tube localhost - op: auth0 - url: http://localhost:8000/accounts/callback/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: a9d4XdRa07eZxC6GoPUI6WDFjvfyE9sY - display: false - logo: auth0.png - name: New Hire Onboarding (NHO) Slack Bot - op: auth0 - url: https://nhobot.ngrok.io/callback/auth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: wP33JOFmHQEd2TOHftxIppprqCnJzo3m - display: false - logo: auth0.png - name: DAM Stage (NetX) - op: auth0 - url: https://mozillatest.netx.net/SSO - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: - - billing@mozilla.com - client_id: adMlV8Ud0Z77GLfsaa4fb4oQj8ggf0ws - display: false - logo: auth0.png - name: Expensify - op: auth0 - url: https://www.expensify.com/authentication/saml/loginCallback?domain=mozilla.com - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Scha3pS5Y3vITvnhnbLxSla2MBMPdo3M - display: false - logo: auth0.png - name: graphite-mdc2.mozilla.org - op: auth0 - url: https://graphite-mdc2.mozilla.org/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: fkfhxgxU868c6OSstYP4FwPzGzM534r5 - display: false - logo: auth0.png - name: pto.allizom.org - op: auth0 - url: https://pto.allizom.org/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Ury9HCvBS4B1SzAH8f3YASbbcGf5QlQf - display: false - logo: auth0.png - name: LGTM.com - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Ury9HCvBS4B1SzAH8f3YASbbcGf5QlQf - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: sAwFfYrOicxvNjkA75pdZUvkPcJqUPl3 - display: false - logo: auth0.png - name: metrics.mozilla-itsre.mozit.cloud - op: auth0 - url: https://metrics.mozilla-itsre.mozit.cloud/login/generic_oauth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: wwJwws9XZ6AVA48QOUU2FCGa6XP4U3aQ - display: false - logo: auth0.png - name: Miro - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/wwJwws9XZ6AVA48QOUU2FCGa6XP4U3aQ - vanity_url: - - /miro - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: SJmdyaeuz4SkdoWgOXZxVFeQukpt5SMo - display: false - logo: auth0.png - name: Fluxx - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/SJmdyaeuz4SkdoWgOXZxVFeQukpt5SMo - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: pKXyeYwf5sIG6vImQ0HLvPpfzbZObhX0 - display: false - logo: mana.png - name: Mana Stage (new) - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/pKXyeYwf5sIG6vImQ0HLvPpfzbZObhX0 - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: TSYr6tZcybHxtOlYznB1fslCvCInnKw3 - display: false - logo: auth0.png - name: pad.mozilla.org - op: auth0 - url: https://pad.mozilla.org/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - mozilliansorg_nda - authorized_users: [] - client_id: JW5noOxn5yRl3HbThBAqet7yLqu5uoTm - display: false - logo: auth0.png - name: paste.mozilla.org - op: auth0 - url: https://paste.mozilla.org/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: nJkH6xvVNwogpLjkrTePAKwjB4NpE74h - display: false - logo: auth0.png - name: virgo-b.fuzzing.mozilla.org - op: auth0 - url: https://virgo-b.fuzzing.mozilla.org/ - - application: - authorized_groups: - - aws_320464205386_admin - authorized_users: [] - client_id: LuNrrJpcnK2Nlh75wRJ2ab6gxEJYFMQG - display: false - logo: auth0.png - name: IAM Graylog - op: auth0 - url: https://graylog.infra.iam.mozilla.com/redirect_uri - vanity_url: - - /iam-graylog - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: tAtVU4uyJhaXdMEglSWKxMHliBm9yYtS - display: false - logo: auth0.png - name: New Relic IT SRE - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/tAtVU4uyJhaXdMEglSWKxMHliBm9yYtS - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: pTTMCxf9YNo4zPOE2l81JqIGHbxkotuJ - display: false - logo: auth0.png - name: stage.taskcluster.nonprod.cloudops.mozgcp.net - op: auth0 - url: https://stage.taskcluster.nonprod.cloudops.mozgcp.net/login/mozilla-auth0/callback - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: HhsEpi14LlupTdZJjWcbsfWU0w8dVPxT - display: false - logo: auth0.png - name: fxa-support-panel2.stage.mozaws.net - op: auth0 - url: https://fxa-support-panel2.stage.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Vq6X0h7r43esUhNmrbUD1HBZskVejhHW - display: false - logo: auth0.png - name: fxa-support-panel.stage.mozaws.net - op: auth0 - url: https://fxa-support-panel.stage.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: m3UJJU40O2T6awdbhoA8V6onp3AbzU3Q - display: false - logo: auth0.png - name: iodide.telemetry.mozilla.org - op: auth0 - url: https://iodide.telemetry.mozilla.org/oidc/callback - - application: - authorized_groups: - - IntranetWiki - - GuestWiki - - moc_service_accounts - authorized_users: - - moc+servicenow@mozilla.com - - moc-sso-monitoring@mozilla.com - client_id: Qzs1IbNmnXB1js1KlhhdnwYZT9rwwF4U - display: true - logo: mana.png - name: Mana - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Qzs1IbNmnXB1js1KlhhdnwYZT9rwwF4U - vanity_url: - - /mana - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: uqaHX7JDz335eg0A89725t4GH5dLCUoW - display: false - logo: auth0.png - name: biff-5adb6e55.influxcloud.net - op: auth0 - url: https://biff-5adb6e55.influxcloud.net/login/generic_oauth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: NKhaOVehPM0VNljIiENTEP8jvaEUjYV3 - display: false - logo: auth0.png - name: star-dot.admin.readitlater.com - op: auth0 - url: https://admin.readitlater.localhost/auth - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: - - dlipski@mozilla.com - - jeide@mozilla.com - client_id: TB91RkOJc4eQhOuT0SIfUHm2nD6W3ipT - display: true - logo: coderpad.png - name: CoderPad - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/TB91RkOJc4eQhOuT0SIfUHm2nD6W3ipT - vanity_url: - - /coderpad - - application: - authorized_groups: - - service_uptycs - - service_uptycs_admin - authorized_users: [] - client_id: VDBnjB9HB3ulW5ty50toL8fW5p1GCghU - display: true - logo: uptycs.png - name: Uptycs - op: auth0 - url: https://mozilla.uptycs.io/saml/auth - vanity_url: - - /uptycs - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: ljY6JKsFj7e8qTE4WGuEgaNCq5cc1QuE - display: false - logo: discourse.png - name: Discourse - Dev - op: auth0 - url: https://discourse-dev.itsre-apps.mozit.cloud/auth/auth0/callback - vanity_url: - - /discourse-dev - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: WQnlYTEc4PYRRK3FT7n3l9VOtew1IDo2 - display: false - logo: auth0.png - name: Kevel - op: auth0 - url: https://app.kevel.co/new_login_flow.html?orgcode=mozilla - vanity_url: - - /kevel - - application: - authorized_groups: - - team_pocket - authorized_users: [] - client_id: Nw44gx8sBU2sjVvoIY8Se3solzd9XM8X - display: false - logo: auth0.png - name: recit.getpocket.dev - op: auth0 - url: https://recit.getpocket.dev/login - - application: - authorized_groups: - - vpn_fxa_support_panel - authorized_users: [] - client_id: 7EtX4Eg0zXBjI5fL3Wu53roaXEnVIFsx - display: false - logo: auth0.png - name: fxa-support-panel.prod.mozaws.net - op: auth0 - url: https://fxa-support-panel.prod.mozaws.net/openid/callback/login - - application: - authorized_groups: - - team_netops - - team_infra - authorized_users: [] - client_id: OSKMKPkvUoDg0K8agd4iHSwUam0lpr6p - display: false - logo: auth0.png - name: ConsoleFlow - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/OSKMKPkvUoDg0K8agd4iHSwUam0lpr6p - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: LGK34V7wTjZ8tkMSCQhxI0ynfiMcAsvg - display: true - logo: matrix.png - name: Matrix IM - op: auth0 - url: https://chat.mozilla.org/#/start_sso - vanity_url: - - /matrix - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: KgsLx8URDpoMK779VdNue6Yswx2ZfBKu - display: false - logo: taskcluster.png - name: FirefoxCI TaskCluster - op: auth0 - url: https://firefox-ci-tc.services.mozilla.com/ - - application: - authorized_groups: - - service_cloudsnap - authorized_users: [] - client_id: cuC3NOGPFm58H172NnOypPf1jGQwMoUf - display: false - logo: auth0.png - name: Cloudsnap - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/cuC3NOGPFm58H172NnOypPf1jGQwMoUf - - application: - authorized_groups: - - hris_costcenter_1420 - authorized_users: [] - display: true - logo: newrelic.png - name: New Relic EIS - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/yrtYw37UYq5gkna3j9f0P4L0oQD8Y6aQ - vanity_url: - - /new-relic-eis - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: Um2rLocE3s851JXNZzTPnA5DFzWe9OhQ - display: false - logo: newrelic.png - name: New Relic Emerging Tech - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/Um2rLocE3s851JXNZzTPnA5DFzWe9OhQ - vanity_url: - - /new-relic-emerging-tech - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: VeOfYrHRjGuAauFAXRYv4z0rCFe4Ibbc - display: false - logo: newrelic.png - name: New Relic SubHub - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/VeOfYrHRjGuAauFAXRYv4z0rCFe4Ibbc - vanity_url: - - /new-relic-subhub - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: rCUnlF5BH5z603b8eZ17Xb4SPnHaY4Zm - display: false - logo: newrelic.png - name: New Relic Voice - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/rCUnlF5BH5z603b8eZ17Xb4SPnHaY4Zm - vanity_url: - - /new-relic-voice - - application: - authorized_groups: - - braintree_admin_sso - - braintree_analyst - - braintree_donor_care - - braintree_legal - - braintree_manager_not_users - authorized_users: [] - client_id: x7TF6ZtJev4ktoHR4ObWmA9KeqGni6rq - display: true - logo: braintree.png - name: Braintree - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/x7TF6ZtJev4ktoHR4ObWmA9KeqGni6rq - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: p2lSKumiDFFnTfopf6zkiF3WB0W359ZK - display: false - logo: auth0 - name: Consider.it - op: auth0 - url: https://mozilla-soti.consider.it - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: pouConqZTpmZNBuKyzeWEyauZHlnAirS - display: false - logo: auth0 - name: community.mozilla.org - op: auth0 - url: https://community.mozilla.org - - application: - authorized_groups: - - service_mozilla_donate - authorized_users: [] - client_id: XdAr3brwNP9VXHcqaqC9YSepMLMMCIjS - display: false - logo: auth0 - name: Mozilla Donate - op: auth0 - url: https://give.mozilla.org - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: uGQC74llWoyAedpixUDpu8OLCf6GmqlC - display: false - logo: auth0.png - name: Retrium - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/uGQC74llWoyAedpixUDpu8OLCf6GmqlC - vanity_url: - - /retrium - - application: - authorized_groups: - - service_docusign - authorized_users: [] - client_id: 3444IQx7ZwykpuznWYd6VC6dEyvLtM9v - display: true - logo: docusign.png - name: DocuSign - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/3444IQx7ZwykpuznWYd6VC6dEyvLtM9v - vanity_url: - - /docusign - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 7i1G4gM7zGuIE4h9T6s1Mho1e9P0cxk1 - display: false - logo: auth0.png - name: Convert.com - op: auth0 - url: http://app.convert.com/auth/signin/34nrb9vvf8o51islb4s011ap6l/Mozilla - vanity_url: - - /convert - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: b2ESDyU2mJN5r6Ani52aIWxg0FoudEl8 - display: true - logo: siq.png - name: SiQ - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/b2ESDyU2mJN5r6Ani52aIWxg0FoudEl8 - vanity_url: - - /spaceiq - - /siq - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: 7HxWt6W66K2QeytVVCeOoWpJxkVExnzz - display: true - logo: ideascale.png - name: IdeaScale - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/7HxWt6W66K2QeytVVCeOoWpJxkVExnzz - vanity_url: - - /ideascale - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: wgh8S9GaE7sJ4i0QrAzeMxFXgWZYtB0l - display: false - logo: auth0.png - name: sage Intacct - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/wgh8S9GaE7sJ4i0QrAzeMxFXgWZYtB0l - vanity_url: - - /sageintacct - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: cEWzoPzUcDwk3JhpD9ENtPKMmE7T5QWv - display: false - logo: auth0.png - name: GLAM (Stage) - op: auth0 - url: https://glam-stage.bespoke.nonprod.dataops.mozgcp.net - - application: - authorized_groups: - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: WlWmEUQ2dmQFQJfKxNx1ZNkAJRKueaR1 - display: false - logo: auth0.png - name: GLAM (prod) - op: auth0 - url: https://glamtelemetry.mozilla.org - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: kfax6JBFqyXQcfEEQmEa56np04rm3uYX - display: false - logo: auth0.png - name: GLAM - op: auth0 - url: https://glam.telemetry.mozilla.org - - application: - authorized_groups: - - team_moco_benefited - - team_mofo - - team_mozillaonline - - team_elance - authorized_users: [] - client_id: NhzqLGjjqXIp3kGoonkTLSO7awPBhWsK - display: true - logo: udemy.png - name: Udemy - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/NhzqLGjjqXIp3kGoonkTLSO7awPBhWsK - vanity_url: - - /udemy - - application: - authorized_groups: - - team_moco_benefited - - team_mofo - - team_mozillaonline - - team_elance - authorized_users: [] - client_id: w8hBBYB30b12DqElacIQkFM6V2deEpwz - display: false - logo: auth0.png - name: getAbstract - Test - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/w8hBBYB30b12DqElacIQkFM6V2deEpwz - - application: - authorized_groups: - - team_moco_benefited - - team_mofo - - team_mozillaonline - - team_elance - authorized_users: [] - client_id: QdZOeq5zcpS23Ter4Er0hYmG2PjEZ9It - display: true - logo: getabstract.png - name: getAbstract - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/QdZOeq5zcpS23Ter4Er0hYmG2PjEZ9It - vanity_url: - - /getAbstract - - application: - authorized_groups: - - service_1password - authorized_users: [] - display: true - logo: 1password.png - name: 1password - op: auth0 - url: https://mozilla.1password.com/ - vanity_url: - - /1password - - application: - authorized_groups: - - team_pocket - authorized_users: [] - client_id: W9vcVP1mhAcg7EITFGSfWAsn6UwY88lR - display: true - logo: 250ok.png - name: 250ok - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/W9vcVP1mhAcg7EITFGSfWAsn6UwY88lR - vanity_url: - - /250ok - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: HNCCtcr6z8ZpFX3rT0K3SyDcNonByaUG - display: false - logo: auth0.png - name: fxa-admin-panel.stage.mozaws.net - op: auth0 - url: https://fxa-admin-panel.stage.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: GYCcYQfcwVU9lwKF8WT4AvYufBvtp7yx - display: false - logo: auth0.png - name: fxa-admin-panel.prod.mozaws.net - op: auth0 - url: https://fxa-admin-panel.prod.mozaws.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: uSpi6gd7ZqdjA3PwtJ4CavG29DQJla4Y - display: false - logo: auth0.png - name: stats.voice.mozit.cloud - op: auth0 - url: https://stats.voice.mozit.cloud/ - - application: - authorized_groups: - - stripe_subplat_admin - - stripe_subplat_analyst - - stripe_subplat_developer - - stripe_subplat_supportsp - - stripe_subplat_viewonly - authorized_users: [] - client_id: cEfnJekrSStxxxBascTjNEDAZVUPAIU2 - display: true - logo: stripe.png - name: Stripe (subplat) - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/cEfnJekrSStxxxBascTjNEDAZVUPAIU2 - vanity_url: - - /stripe-subplat - - application: - authorized_groups: - - team_moco - - team_mozillaonline - authorized_users: [] - client_id: axRGaXPRd5pe60fnEllluSN76MefFX1E - display: true - logo: cultureamp.png - name: Culture Amp - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/axRGaXPRd5pe60fnEllluSN76MefFX1E - vanity_url: - - /cultureamp - - application: - authorized_groups: - - team_mofo - authorized_users: [] - client_id: 4b1qHRbxLmNLEBgXMi5eYP0sJn5p6q7l - display: true - logo: cultureamp.png - name: Mozilla Foundation Culture Amp - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/4b1qHRbxLmNLEBgXMi5eYP0sJn5p6q7l - vanity_url: - - /mofo-cultureamp - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: HrdSoUsSJiJOKH2MICEXRXGMxTxUK5fa - display: false - logo: auth0.png - name: stage.statping.nonprod.dataops.mozgcp.net - op: auth0 - url: https://stage.statping.nonprod.dataops.mozgcp.net/openid/callback/login - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - - team_mozillaonline - authorized_users: [] - client_id: pozwk4HuT6AELY5Mf1oZPDdIDUo6VId4 - display: false - logo: auth0.png - name: health.telemetry.mozilla.org - op: auth0 - url: https://health.telemetry.mozilla.org/openid/callback/login - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: Nqo9YvvVxjpLDLPv7YGmpJXv2JNraUtH - display: true - logo: smartling.png - name: Smartling - op: auth0 - url: https://sso.smartling.com/sso-apps/dashboard/accounts/3f16c2f8 - - application: - authorized_groups: - - team_moco - - team_mofo - - team_pocket - - team_mozillaonline - authorized_users: [] - client_id: i1qBrMjJEdKlTNEVgGwc9P0xFxI9cuD8 - display: true - logo: tripactions.png - name: TripActions - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/i1qBrMjJEdKlTNEVgGwc9P0xFxI9cuD8 - vanity_url: - - /tripactions - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: XCRyDou6ETr873QKnjaFgNsuiLKl6Oj2 # https://bugzilla.mozilla.org/show_bug.cgi?id=1681831 - display: false - logo: auth0.png - name: experimenter.stage.mozaws.net - op: auth0 - url: https://stage.experimenter.nonprod.dataops.mozgcp.net/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: K1fsiDh5Ta7pc7BrEECi2VLhPyqHwy4r - display: false - logo: auth0.png - name: bugzilla-dev.allizom.org - op: auth0 - url: https://bugzilla-dev.allizom.org - - application: - authorized_groups: - - team_moco - - team_mofo - authorized_users: [] - client_id: wXpnkKIgoucVrybZmxiPnnpeSqn816qD - display: false - logo: auth0.png - name: ValiMail - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/wXpnkKIgoucVrybZmxiPnnpeSqn816qD - - application: - authorized_groups: - - mozilliansorg_everestemailsuite - authorized_users: [] - client_id: 04UuoOzA5CoCWRQqKbsYc6uM1p0a4WlY - display: true - logo: everest.png - name: Everest - op: auth0 - url: https://everest.validity.com/saml/mozilla?sso - vanity_url: - - /everest - - application: - authorized_groups: - - mozilliansorg_finance_planful - authorized_users: [] - client_id: H5ddlJSCfGP8ab65EnWaB2sd541CJAlM - display: true - logo: planful.png - name: Planful - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/H5ddlJSCfGP8ab65EnWaB2sd541CJAlM - vanity_url: - - /planful - - application: - authorized_groups: - - team_moco - - team_mofo - client_id: SS69h1GdOidHxtxeWLG2ryO5c6BYnj6O - authorized_users: [] - display: true - logo: compiler_explorer.png - name: Compiler Explorer - op: auth0 - url: https://foxyeah.com - vanity_url: - - /compiler_explorer - - application: - authorized_groups: - - team_relops - authorized_users: [] - client_id: D2MqgpKSZJKpovi6Dw74L4FUU4r5hEcR - display: false - logo: auth0.png - name: Relops Vault - op: auth0 - url: https://vault.relops.mozops.net:8200/ui/vault/auth?with=oidc - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: qr9gHxVa4UPxItn327rtu2DYnhoKilH4 - display: false - logo: auth0.png - name: Learnerbly - op: auth0 - url: https://app.learnerbly.com/auth-init/?customProvider=9bd4f3ef - vanity_url: - - /learnerbly - - application: - authorized_groups: - - mozilliansorg_web-sre-papertrail-access - authorized_users: [] - client_id: QSbhAzqUlqCSWt6iAV45um5DDGdhhDTR - display: true - logo: papertrail-logo.png - name: Papertrail Web SRE - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/QSbhAzqUlqCSWt6iAV45um5DDGdhhDTR - vanity_url: - - /papertrail-websre - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: 6T3nWVBk9uTyzXSGfxq21UtZ3jAaracA - display: true - logo: everfi.png - name: Everfi - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/6T3nWVBk9uTyzXSGfxq21UtZ3jAaracA - vanity_url: - - /everfi - - application: - authorized_groups: - - team_opsec - - team_secops - authorized_users: [] - client_id: eEAeYh6BMPfRyiSDax0tejjxkWi22zkP - display: true - logo: bitsight.png - name: BitSight - op: auth0 - url: https://service.bitsighttech.com/sso/mozilla-corporation/ - vanity_url: - - /bitsight - - application: - authorized_groups: - - team_secops - - team_opsec - - team_netops - authorized_users: [] - client_id: oU7d3KS3RqCYDFprG0nQD7eBPeO7uWyl - display: true - logo: splunk.png - name: Splunk Security SC - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/oU7d3KS3RqCYDFprG0nQD7eBPeO7uWyl - - application: - authorized_groups: - - team_secops - - team_opsec - - team_netops - authorized_users: [] - client_id: vKsQfVnX140zaI4R8bgij0cyUhrv9k2t - display: true - logo: splunk.png - name: Splunk Security ES - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/vKsQfVnX140zaI4R8bgij0cyUhrv9k2t - - application: - authorized_groups: - - team_secops - - team_opsec - - team_netops - authorized_users: [] - client_id: GbOYKyYEIIfgu34Aq2ykl8vTnGfQ28aq - display: true - logo: splunk.png - name: Splunk Security Dev - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/GbOYKyYEIIfgu34Aq2ykl8vTnGfQ28aq - - application: - authorized_groups: - - mozilliansorg_sendgrid-access - authorized_users: [] - client_id: tc4KWmjurzZJpqF3HCXcWeo7xlycNLp7 - display: true - logo: sendgrid.png - name: Twilio Sendgrid - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/tc4KWmjurzZJpqF3HCXcWeo7xlycNLp7 - vanity_url: - - /sendgrid - - application: - authorized_groups: - - mozilliansorg_talentwall-access - authorized_users: [] - client_id: 2igLHKcnjKFZDp5qOzONLM951lnJscOu - display: true - logo: talentwall.png - name: TalentWall - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/2igLHKcnjKFZDp5qOzONLM951lnJscOu - vanity_url: - - /talentwall - - application: - authorized_groups: - - mozilliansorg_helpscout-access - authorized_users: [] - client_id: 7CQiBSkH46JQsZDivIxXdB5KE9iAdDAD - display: true - logo: helpscout.png - name: Help Scout - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/7CQiBSkH46JQsZDivIxXdB5KE9iAdDAD - vanity_url: - - /helpscout - - application: - authorized_groups: - - mozilliansorg_bitrise_access - authorized_users: [] - client_id: SgKK7ZZcUT8gLcZPYq229gCHBIyWV2kq - display: true - logo: bitrise.png - name: Bitrise - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/SgKK7ZZcUT8gLcZPYq229gCHBIyWV2kq - vanity_url: - - /bitrise - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 7M49iYODCiCGdldu4awmF2Pr6pHsRZDe - display: false - logo: auth0.png - name: settings.dev.mozaws.net - op: auth0 - url: https://settings.dev.mozaws.net/v1/admin/ - - application: - authorized_groups: - - hris_is_staff - - team_moco - - team_mofo - authorized_users: [] - client_id: 12lnezLro7iC57ooPPPpVeGHXf8MhaRV - display: true - logo: textio.png - name: Textio - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/12lnezLro7iC57ooPPPpVeGHXf8MhaRV - vanity_url: - - /textio - - application: - authorized_groups: - - hris_is_staff - - team_moco - authorized_users: [] - client_id: hYQggi94XNgMBJCuENbUA1ec7uoRLecO - display: true - logo: fivetran.png - name: Fivetran - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/hYQggi94XNgMBJCuENbUA1ec7uoRLecO - vanity_url: - - /fivetran - - application: - authorized_groups: - - team_moco - authorized_users: [] - client_id: qyHptHsoTtUJR9K4xDirWZUy30cqpeWT - display: false - logo: auth0.png - name: Internal Pocket Admin Tools - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/qyHptHsoTtUJR9K4xDirWZUy30cqpeWT - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: QEM7xyeM5Bqxo5zfxvrQDWyL4Hx3F11a - display: false - logo: auth0.png - name: connect.allizom.org - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/QEM7xyeM5Bqxo5zfxvrQDWyL4Hx3F11a - vanity_url: - - /connect-stage - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: oAm19NujSERGPVL76RXh31wW5J6KnLRw - display: false - logo: auth0.png - name: connect.mozilla.org - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/oAm19NujSERGPVL76RXh31wW5J6KnLRw - vanity_url: - - /connect - - application: - authorized_groups: - - team_mozillaonline - - team_moco - - team_mofo - authorized_users: [] - client_id: 94A5PWkgKK2sJKxUnF8O8k5rNtEMdngk - display: true - logo: sentry.png - name: Sentry.io - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/94A5PWkgKK2sJKxUnF8O8k5rNtEMdngk - vanity_url: - - /sentry - - application: - authorized_groups: - - mozilliansorg_looker-people-access - authorized_users: [] - client_id: h0xnB8lHw5Gfapsg0AA8XH8jZvT1FEBv - display: true - logo: looker.png - name: Looker (People) - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/h0xnB8lHw5Gfapsg0AA8XH8jZvT1FEBv - vanity_url: - - /looker-people - - application: - AAL: LOW - authorized_groups: - - everyone - authorized_users: [] - client_id: XNmXEZhGfNaYltbCKustGunTbH0r8Gkp - display: false - logo: auth0.png - name: demo.kinto-storage.org - op: auth0 - url: https://demo.kinto-storage.org/v1/admin/ - - application: - authorized_groups: - - team_pocket - authorized_users: [] - client_id: kIaT2UagYzIAUmR0nAlvjZu6x388jR5t - display: true - logo: sentry.png - name: Sentry.io (Pocket) - op: auth0 - url: https://auth.mozilla.auth0.com/samlp/kIaT2UagYzIAUmR0nAlvjZu6x388jR5t - vanity_url: - - /sentry-pocket From 0c911bd2cd192e4fc4a60bb744a340df2d24f1e0 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 11:29:20 -0400 Subject: [PATCH 028/141] Add deployment to GHA --- .github/workflows/main.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 52b7b786..c51351ff 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,8 +30,7 @@ jobs: service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' - name: 'Docker auth' - run: |- - gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev - name: 'Build and push container' run: |- @@ -51,4 +50,14 @@ jobs: - name: 'Create release name' run: |- - echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} \ No newline at end of file + echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} + + - name: 'Create Cloud Deploy release' + uses: 'google-github-actions/create-cloud-deploy-release@v0' + with: + delivery_pipeline: '${{ env.APP }}' + name: '${{ env.RELEASE_NAME }}' + region: '${{ env.REGION }}' + description: '${{ env.GITHUB_COMMIT_MSG }}' + skaffold_file: 'config/skaffold.yaml' + images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' From cf76ddc9a48ef2bc2306ea283a05f66dbaa210a1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 11:47:03 -0400 Subject: [PATCH 029/141] Change clouddeploy templates --- clouddeploy/clouddeploy.template.yaml | 4 ++-- clouddeploy/skaffold.template.yaml | 6 +++--- ...-prod.template.yaml => sso-dashboard-prod.template.yaml} | 6 +++--- ...ng.template.yaml => sso-dashboard-staging.template.yaml} | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) rename clouddeploy/{app-prod.template.yaml => sso-dashboard-prod.template.yaml} (90%) rename clouddeploy/{app-staging.template.yaml => sso-dashboard-staging.template.yaml} (89%) diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml index 58ee6101..d988ecd1 100644 --- a/clouddeploy/clouddeploy.template.yaml +++ b/clouddeploy/clouddeploy.template.yaml @@ -15,8 +15,8 @@ apiVersion: deploy.cloud.google.com/v1 kind: DeliveryPipeline metadata: - name: 'app' -description: 'Deployment pipeline for demo app' + name: 'sso-dashboard' +description: 'Deployment pipeline for sso-dashboard' serialPipeline: stages: - targetId: 'staging' diff --git a/clouddeploy/skaffold.template.yaml b/clouddeploy/skaffold.template.yaml index 71312cc9..2a28ca1c 100644 --- a/clouddeploy/skaffold.template.yaml +++ b/clouddeploy/skaffold.template.yaml @@ -15,15 +15,15 @@ apiVersion: skaffold/v3alpha1 kind: Config metadata: - name: 'app' + name: 'sso-dashboard' deploy: cloudrun: {} profiles: - name: 'staging' manifests: rawYaml: - - 'app-staging.yaml' + - 'sso-dashboard-staging.yaml' - name: 'prod' manifests: rawYaml: - - 'app-prod.yaml' + - 'sso-dashboard-prod.yaml' diff --git a/clouddeploy/app-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml similarity index 90% rename from clouddeploy/app-prod.template.yaml rename to clouddeploy/sso-dashboard-prod.template.yaml index b502053a..44db7bcf 100644 --- a/clouddeploy/app-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -15,7 +15,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: 'app-prod' + name: 'sso-dashboard-prod' spec: template: metadata: @@ -23,8 +23,8 @@ spec: autoscaling.knative.dev/maxScale: '1' spec: containers: - - name: 'app' - image: 'app' + - name: 'sso-dashboard' + image: 'sso-dashboard' env: - name: 'TARGET' value: 'Prod' diff --git a/clouddeploy/app-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml similarity index 89% rename from clouddeploy/app-staging.template.yaml rename to clouddeploy/sso-dashboard-staging.template.yaml index 58355a46..9a90aa6d 100644 --- a/clouddeploy/app-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -15,7 +15,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: 'app-staging' + name: 'sso-dashboard-staging' spec: template: metadata: @@ -23,8 +23,8 @@ spec: autoscaling.knative.dev/maxScale: '1' spec: containers: - - name: 'app' - image: 'app' + - name: 'sso-dashboard' + image: 'sso-dashboard' env: - name: 'TARGET' value: 'Staging' From 78f18b48d69c8396674835bb9b78dcf33ae2f80a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 11:51:57 -0400 Subject: [PATCH 030/141] Fix path to skaffold file --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c51351ff..cf79cc48 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -59,5 +59,5 @@ jobs: name: '${{ env.RELEASE_NAME }}' region: '${{ env.REGION }}' description: '${{ env.GITHUB_COMMIT_MSG }}' - skaffold_file: 'config/skaffold.yaml' + skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' From 1cab1a116542347b02b53104c7e6c70bb9eef4c9 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 12:14:10 -0400 Subject: [PATCH 031/141] Fix cloud deploy image name --- clouddeploy/sso-dashboard-prod.template.yaml | 2 +- clouddeploy/sso-dashboard-staging.template.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index 44db7bcf..a8e34584 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: 'sso-dashboard' - image: 'sso-dashboard' + image: 'app' env: - name: 'TARGET' value: 'Prod' diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index 9a90aa6d..1eaec20a 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: 'sso-dashboard' - image: 'sso-dashboard' + image: 'app' env: - name: 'TARGET' value: 'Staging' From b1c728925ae9c652d9c19d9a1071f8e5efe435ed Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 12:53:37 -0400 Subject: [PATCH 032/141] Include staging envs with skaffold --- .../sso-dashboard-staging.template.yaml | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index 1eaec20a..d82e426b 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -25,6 +25,85 @@ spec: containers: - name: 'sso-dashboard' image: 'app' + command: + - gunicorn + - 'dashboard.app:app' + args: + - '--worker-class' + - gevent + - '--bind' + - '0.0.0.0:8000' + - '--workers=2' + - '--log-level=debug' + ports: + - name: http1 + containerPort: 8000 env: - name: 'TARGET' value: 'Staging' + - name: SSO-DASHBOARD_DEBUG + value: False + - name: SSO-DASHBOARD_TESTING + value: False + - name: SSO-DASHBOARD_CSRF_ENABLED + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME + value: 86400 + - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY + value: True + - name: SSO-DASHBOARD_LOGGER_NAME + value: sso-dashboard + - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME + value: https + - name: SSO-DASHBOARD_OIDC_CLIENT_ID + value: 2KNOUCxN8AFnGGjDCGtqiDIzq8MKXi2h + - name: SSO-DASHBOARD_OIDC_DOMAIN + value: dev.mozilla-dev.auth0.com + - name: SSO-DASHBOARD_SERVER_NAME + value: sso.allizom.org + - name: SSO-DASHBOARD_CDN + value: https://cdn.sso.mozilla.com + - name: SSO-DASHBOARD_S3_BUCKET + value: sso-dashboard.configuration + - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY + value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: AWS_DEFAULT_REGION + value: us-west-2 + - name: ENVIRONMENT + value: Staging + - name: MOZILLIANS_API_URL + value: https://mozillians.org/api/v2/users/ + - name: DASHBOARD_GUNICORN_WORKERS + value: 2 + - name: FLASK_DEBUG + value: False + - name: DEBUG + value: False + - name: LANG + value: en_US.utf8 + - name: FLASK_APP + value: dashboard/app.py + - name: OIDC_REDIRECT_URI + value: https://sso.allizom.org/redirect_uri + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-secret-access-key + - name: SSO-DASHBOARD_SECRET_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-dev-secret-key + - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-dev-oidc-client-secret + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-access-key-id From fa8ea8dc5eca1e407f24474301aeea3f7dfdc381 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 16:32:18 -0400 Subject: [PATCH 033/141] Add envs for prod deployment --- clouddeploy/sso-dashboard-prod.template.yaml | 83 +++++++++++++++++++- 1 file changed, 81 insertions(+), 2 deletions(-) diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index a8e34584..70639690 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -25,6 +25,85 @@ spec: containers: - name: 'sso-dashboard' image: 'app' + command: + - gunicorn + - 'dashboard.app:app' + args: + - '--worker-class' + - gevent + - '--bind' + - '0.0.0.0:8000' + - '--workers=2' + - '--log-level=debug' + ports: + - name: http1 + containerPort: 8000 env: - - name: 'TARGET' - value: 'Prod' + - name: TARGET + value: Prod + - name: SSO-DASHBOARD_DEBUG + value: False + - name: SSO-DASHBOARD_TESTING + value: False + - name: SSO-DASHBOARD_CSRF_ENABLED + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME + value: 86400 + - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY + value: True + - name: SSO-DASHBOARD_LOGGER_NAME + value: sso-dashboard + - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME + value: https + - name: SSO-DASHBOARD_OIDC_CLIENT_ID + value: UCOY390lYDxgj5rU8EeXRtN6EP005k7V + - name: SSO-DASHBOARD_OIDC_DOMAIN + value: auth.mozilla.auth0.com + - name: SSO-DASHBOARD_SERVER_NAME + value: sso.mozilla.com + - name: SSO-DASHBOARD_CDN + value: https://cdn.sso.mozilla.com + - name: SSO-DASHBOARD_S3_BUCKET + value: sso-dashboard.configuration + - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY + value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: AWS_DEFAULT_REGION + value: us-west-2 + - name: ENVIRONMENT + value: Prod + - name: MOZILLIANS_API_URL + value: https://mozillians.org/api/v2/users/ + - name: DASHBOARD_GUNICORN_WORKERS + value: 2 + - name: FLASK_DEBUG + value: False + - name: DEBUG + value: False + - name: LANG + value: en_US.utf8 + - name: FLASK_APP + value: dashboard/app.py + - name: OIDC_REDIRECT_URI + value: https://sso.mozilla.com/redirect_uri + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-secret-access-key + - name: SSO-DASHBOARD_SECRET_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-prod-secret-key + - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-prod-oidc-client-secret + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-access-key-id From 2f6535e9d4771ab980753586502102cad4d424ce Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 19:29:58 -0400 Subject: [PATCH 034/141] Remove and untrack .vscode settings --- .gitignore | 1 + .vscode/settings.json | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 18c79a4a..ee47404e 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ pip-selfcheck.json tests/test_activate_actual.output bower_components node_modules +.vscode/* diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 53d8ec25..00000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "python.pythonPath": "venv/bin/python3.7" -} \ No newline at end of file From 4a8e3d63aba1e2105e2d2d5e74c6e336bf7048f8 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 19:34:32 -0400 Subject: [PATCH 035/141] Set unique service accounts for cloud run --- clouddeploy/sso-dashboard-prod.template.yaml | 1 + clouddeploy/sso-dashboard-staging.template.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index 70639690..bc3ba748 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -25,6 +25,7 @@ spec: containers: - name: 'sso-dashboard' image: 'app' + serviceAccountName: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com command: - gunicorn - 'dashboard.app:app' diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index d82e426b..b3ed6ffd 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -25,6 +25,7 @@ spec: containers: - name: 'sso-dashboard' image: 'app' + serviceAccountName: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com command: - gunicorn - 'dashboard.app:app' From 92c495da6246d3980f58709646de412187289aca Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 19:49:04 -0400 Subject: [PATCH 036/141] Put service account in the correct place --- clouddeploy/clouddeploy.template.yaml | 4 ++++ clouddeploy/sso-dashboard-prod.template.yaml | 1 - clouddeploy/sso-dashboard-staging.template.yaml | 1 - 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml index d988ecd1..3f60e2aa 100644 --- a/clouddeploy/clouddeploy.template.yaml +++ b/clouddeploy/clouddeploy.template.yaml @@ -31,6 +31,8 @@ metadata: description: 'Staging target' run: location: 'projects/${PROJECT_ID}/locations/${REGION}' +executionConfigs: + serviceAccount: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com --- apiVersion: deploy.cloud.google.com/v1 kind: Target @@ -39,3 +41,5 @@ metadata: description: 'Production target' run: location: 'projects/${PROJECT_ID}/locations/${REGION}' +executionConfigs: + serviceAccount: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index bc3ba748..70639690 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -25,7 +25,6 @@ spec: containers: - name: 'sso-dashboard' image: 'app' - serviceAccountName: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com command: - gunicorn - 'dashboard.app:app' diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index b3ed6ffd..d82e426b 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -25,7 +25,6 @@ spec: containers: - name: 'sso-dashboard' image: 'app' - serviceAccountName: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com command: - gunicorn - 'dashboard.app:app' From 5a3dbc0d8c6c4ff3a91eb2f922e7121b56b9edf8 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 20:44:33 -0400 Subject: [PATCH 037/141] Add usages lists for clouddeploy --- clouddeploy/clouddeploy.template.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml index 3f60e2aa..6ae23e72 100644 --- a/clouddeploy/clouddeploy.template.yaml +++ b/clouddeploy/clouddeploy.template.yaml @@ -32,6 +32,9 @@ description: 'Staging target' run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: +- usages: + - RENDER + - DEPLOY serviceAccount: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com --- apiVersion: deploy.cloud.google.com/v1 @@ -42,4 +45,7 @@ description: 'Production target' run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: +- usages: + - RENDER + - DEPLOY serviceAccount: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com From d03adfaa3acdeec99aaff7dbe69cc9a6de90fd4a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 20:59:04 -0400 Subject: [PATCH 038/141] Remove RENDER from usages --- clouddeploy/clouddeploy.template.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml index 6ae23e72..276fe885 100644 --- a/clouddeploy/clouddeploy.template.yaml +++ b/clouddeploy/clouddeploy.template.yaml @@ -33,7 +33,6 @@ run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: - usages: - - RENDER - DEPLOY serviceAccount: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com --- @@ -46,6 +45,5 @@ run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: - usages: - - RENDER - DEPLOY serviceAccount: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com From a2f0a099708a6aa7828cf2ecb71862cfac42f87b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 30 May 2023 21:05:55 -0400 Subject: [PATCH 039/141] Revert "Remove RENDER from usages" This reverts commit d03adfaa3acdeec99aaff7dbe69cc9a6de90fd4a. --- clouddeploy/clouddeploy.template.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml index 276fe885..6ae23e72 100644 --- a/clouddeploy/clouddeploy.template.yaml +++ b/clouddeploy/clouddeploy.template.yaml @@ -33,6 +33,7 @@ run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: - usages: + - RENDER - DEPLOY serviceAccount: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com --- @@ -45,5 +46,6 @@ run: location: 'projects/${PROJECT_ID}/locations/${REGION}' executionConfigs: - usages: + - RENDER - DEPLOY serviceAccount: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com From 65330656c4aa99dcea09222fa4af4b2ad505670c Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 13:11:56 -0400 Subject: [PATCH 040/141] Enable GHA slack notifications --- .github/workflows/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cf79cc48..20d0fa90 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -61,3 +61,24 @@ jobs: description: '${{ env.GITHUB_COMMIT_MSG }}' skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' + + - name: Send notification to Slackw + id: slack + uses: slackapi/slack-github-action@v1.24.0 + with: + payload: | + { + "text": "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 17ad2cc4abaf6df8333c9eeb046ed1726cd7e976 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 14:11:41 -0400 Subject: [PATCH 041/141] Enhance slack notifaction payload --- .github/workflows/main.yml | 14 +--- .github/workflows/payload-slack-content.json | 70 ++++++++++++++++++++ 2 files changed, 71 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/payload-slack-content.json diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 20d0fa90..de332421 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -66,19 +66,7 @@ jobs: id: slack uses: slackapi/slack-github-action@v1.24.0 with: - payload: | - { - "text": "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}", - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - } - } - ] - } + payload-file-path: "./payload-slack-content.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json new file mode 100644 index 00000000..27cbf6aa --- /dev/null +++ b/.github/workflows/payload-slack-content.json @@ -0,0 +1,70 @@ +{ + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": ":link-run: Github Action Notification", + "emoji": true + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Deployment status: :white_check_mark: ${{ github.action_status }}" + } + }, + { + "type": "section", + "fields": [ + { + "type": "plain_text", + "text": "Repo: ${{ github.repository }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "SHA: ${{ github.sha }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Branch/Tag: ${{ github.ref_type }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Actor: ${{ github.actor }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Workflow: ${{ github.workflow }}", + "emoji": true + } + ] + }, + { + "type": "divider" + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Build action URL:" + }, + "accessory": { + "type": "button", + "text": { + "type": "plain_text", + "text": ":link: Link to Action", + "emoji": true + }, + "value": "action_url", + "url": "https://github.com/mozilla-iam/sso-dashboard/actions/runs/${{ github.run_id }}", + "action_id": "button-action" + } + } + ] +} From 0af6f5adf41d79dee3a9941f745af307e72f16a1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 14:19:13 -0400 Subject: [PATCH 042/141] Fix payload path --- .github/workflows/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index de332421..aaf42cb7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -62,11 +62,12 @@ jobs: skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' - - name: Send notification to Slackw + - name: Send notification to Slack + if: always() id: slack uses: slackapi/slack-github-action@v1.24.0 with: - payload-file-path: "./payload-slack-content.json" + payload-file-path: ".github/workflows/payload-slack-content.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK From 0776b732de65fe361bf830062c6b0fcb8f215ea1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 15:35:33 -0400 Subject: [PATCH 043/141] Fix gha context refs --- .github/workflows/payload-slack-content.json | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 27cbf6aa..5450bf9b 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -12,7 +12,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "Deployment status: :white_check_mark: ${{ github.action_status }}" + "text": "Deployment status: :white_check_mark: ${{ job.status }}" } }, { @@ -20,7 +20,7 @@ "fields": [ { "type": "plain_text", - "text": "Repo: ${{ github.repository }}", + "text": "Repo: ${{ github.ref }}", "emoji": true }, { @@ -28,11 +28,6 @@ "text": "SHA: ${{ github.sha }}", "emoji": true }, - { - "type": "plain_text", - "text": "Branch/Tag: ${{ github.ref_type }}", - "emoji": true - }, { "type": "plain_text", "text": "Actor: ${{ github.actor }}", @@ -40,7 +35,7 @@ }, { "type": "plain_text", - "text": "Workflow: ${{ github.workflow }}", + "text": "Event: ${{ github.event_name }}", "emoji": true } ] From 72bab0e87d86db2bc39a6ddb2cca472c40253780 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 16:34:19 -0400 Subject: [PATCH 044/141] Temp gha context debug output --- .github/workflows/main.yml | 14 ++++++++++ .github/workflows/payload-slack-content.json | 27 +------------------- 2 files changed, 15 insertions(+), 26 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index aaf42cb7..7e1eeac7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,6 +19,20 @@ jobs: runs-on: ubuntu-latest steps: + - name: Dump GitHub context + id: github_context_step + run: echo '${{ toJSON(github) }}' + - name: Dump job context + run: echo '${{ toJSON(job) }}' + - name: Dump steps context + run: echo '${{ toJSON(steps) }}' + - name: Dump runner context + run: echo '${{ toJSON(runner) }}' + - name: Dump strategy context + run: echo '${{ toJSON(strategy) }}' + - name: Dump matrix context + run: echo '${{ toJSON(matrix) }}' + - name: 'Checkout' uses: 'actions/checkout@v3' diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 5450bf9b..92ee2e10 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -15,31 +15,6 @@ "text": "Deployment status: :white_check_mark: ${{ job.status }}" } }, - { - "type": "section", - "fields": [ - { - "type": "plain_text", - "text": "Repo: ${{ github.ref }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "SHA: ${{ github.sha }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "Actor: ${{ github.actor }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "Event: ${{ github.event_name }}", - "emoji": true - } - ] - }, { "type": "divider" }, @@ -57,7 +32,7 @@ "emoji": true }, "value": "action_url", - "url": "https://github.com/mozilla-iam/sso-dashboard/actions/runs/${{ github.run_id }}", + "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "action_id": "button-action" } } From f0a69ac85695fb7ad17fcac07b491f058f310ae1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 16:39:52 -0400 Subject: [PATCH 045/141] Temp jobs context debug output --- .github/workflows/main.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7e1eeac7..c78c6f6e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,19 +19,8 @@ jobs: runs-on: ubuntu-latest steps: - - name: Dump GitHub context - id: github_context_step - run: echo '${{ toJSON(github) }}' - name: Dump job context run: echo '${{ toJSON(job) }}' - - name: Dump steps context - run: echo '${{ toJSON(steps) }}' - - name: Dump runner context - run: echo '${{ toJSON(runner) }}' - - name: Dump strategy context - run: echo '${{ toJSON(strategy) }}' - - name: Dump matrix context - run: echo '${{ toJSON(matrix) }}' - name: 'Checkout' uses: 'actions/checkout@v3' From ae5ea0226ca4ecd39f84c6ab35a1a91c9ac8c59c Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 16:48:00 -0400 Subject: [PATCH 046/141] remove debug --- .github/workflows/main.yml | 3 -- .github/workflows/payload-slack-content.json | 32 +++++++++++++++++--- 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c78c6f6e..aaf42cb7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,9 +19,6 @@ jobs: runs-on: ubuntu-latest steps: - - name: Dump job context - run: echo '${{ toJSON(job) }}' - - name: 'Checkout' uses: 'actions/checkout@v3' diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 92ee2e10..58f53367 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -1,5 +1,8 @@ { "blocks": [ + { + "type": "divider" + }, { "type": "header", "text": { @@ -12,12 +15,9 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "Deployment status: :white_check_mark: ${{ job.status }}" + "text": "Deployment status: ${{ job.status }}" } }, - { - "type": "divider" - }, { "type": "section", "text": { @@ -35,6 +35,30 @@ "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", "action_id": "button-action" } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Action Details:" + }, + "accessory": { + "type": "overflow", + "options": [ + { + "text": { + "type": "plain_text", + "text": "SHA: ${{ github.sha }}", + "emoji": true + }, + "value": "value-0" + } + ], + "action_id": "overflow-action" + } + }, + { + "type": "divider" } ] } From 49d49fcec5db70c5b1a9b7eeb72dfa791c4d958f Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 17:11:22 -0400 Subject: [PATCH 047/141] Test gha slack notification --- .github/workflows/payload-slack-content.json | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 58f53367..42c5037c 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -15,7 +15,14 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "Deployment status: ${{ job.status }}" + "text": "Deployment status: {{ env.DEPLOY_STATUS }}" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Build name: {{ env.RELEASE_NAME }}" } }, { @@ -32,7 +39,7 @@ "emoji": true }, "value": "action_url", - "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}", + "url": "https://github.com/{{ github.repository }}/actions/runs/{{ github.run_id }}", "action_id": "button-action" } }, @@ -48,7 +55,7 @@ { "text": { "type": "plain_text", - "text": "SHA: ${{ github.sha }}", + "text": "SHA: {{ github.sha }}", "emoji": true }, "value": "value-0" From 8362600e5f0f31e8b62d70c472bb6a0520392b0d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 17:19:36 -0400 Subject: [PATCH 048/141] Workaround missing context --- .github/workflows/main.yml | 3 +++ .github/workflows/payload-slack-content.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index aaf42cb7..1381629b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -71,3 +71,6 @@ jobs: env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + DEPLOY_STATUS: ${{ job.status }} + REPOSITORY: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 42c5037c..90dad5d2 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -39,7 +39,7 @@ "emoji": true }, "value": "action_url", - "url": "https://github.com/{{ github.repository }}/actions/runs/{{ github.run_id }}", + "url": "https://github.com/{{ env.REPOSITORY }}/actions/runs/{{ env.RUN_ID }}", "action_id": "button-action" } }, From eaa22da0932c5faa6482b83bd970d9b1a76b3ceb Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 18:13:33 -0400 Subject: [PATCH 049/141] Test status updates to slack --- .github/workflows/main.yml | 53 +++++++++++++-- .github/workflows/payload-slack-content.json | 69 +++++++++----------- 2 files changed, 78 insertions(+), 44 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1381629b..259fa42b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -32,6 +32,28 @@ jobs: - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + - name: 'Create release name' + run: |- + echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} + + - name: Send initial slack notification + id: slack + if: always() + id: slack + uses: slackapi/slack-github-action@v1.24.0 + with: + payload-file-path: ".github/workflows/payload-slack-content.json" + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + DEPLOY_STATUS: Building Docker Container (In Progress) + REPOSITORY: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} + ACTOR: ${{ github.actor }} + GITHUB_SHA: ${{ github.sha }} + REF_NAME: ${{ github.ref_name }} + WORKFLOW_NAME: ${{ github.workflow }} + - name: 'Build and push container' run: |- docker build \ @@ -48,9 +70,24 @@ jobs: run: |- gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} - - name: 'Create release name' - run: |- - echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} + - name: update slack is deployment + if: always() + id: slack + uses: slackapi/slack-github-action@v1.24.0 + with: + update-ts: ${{ steps.slack.outputs.ts }} + payload-file-path: ".github/workflows/payload-slack-content.json" + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + DEPLOY_STATUS: Docker Container Build (Complete). Deploying (In Progress) + REPOSITORY: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} + ACTOR: ${{ github.actor }} + GITHUB_SHA: ${{ github.sha }} + REF_NAME: ${{ github.ref_name }} + WORKFLOW_NAME: ${{ github.workflow }} + - name: 'Create Cloud Deploy release' uses: 'google-github-actions/create-cloud-deploy-release@v0' @@ -62,15 +99,21 @@ jobs: skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' - - name: Send notification to Slack + - name: update slack is deployment if: always() id: slack uses: slackapi/slack-github-action@v1.24.0 with: + update-ts: ${{ steps.slack.outputs.ts }} payload-file-path: ".github/workflows/payload-slack-content.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - DEPLOY_STATUS: ${{ job.status }} + DEPLOY_STATUS: Deployed to Google Deploy (Complete) REPOSITORY: ${{ github.repository }} RUN_ID: ${{ github.run_id }} + ACTOR: ${{ github.actor }} + GITHUB_SHA: ${{ github.sha }} + REF_NAME: ${{ github.ref_name }} + WORKFLOW_NAME: ${{ github.workflow }} + diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 90dad5d2..5e7e34b4 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -1,13 +1,10 @@ { "blocks": [ - { - "type": "divider" - }, { "type": "header", "text": { "type": "plain_text", - "text": ":link-run: Github Action Notification", + "text": ":link-run: Github Action Notification :link-run:\n{{ env.WORKFLOW_NAME }}", "emoji": true } }, @@ -15,57 +12,51 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "Deployment status: {{ env.DEPLOY_STATUS }}" + "text": "Build Name: {{ env.RELEASE_NAME }}\nStatus: {{ env.DEPLOY_STATUS }}" } }, - { + { "type": "section", - "text": { - "type": "mrkdwn", - "text": "Build name: {{ env.RELEASE_NAME }}" - } + "fields": [ + { + "type": "plain_text", + "text": "Repo: {{ env.REPOSITORY }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Branch/Tag: {{ env.REF_NAME }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "SHA: {{ env.GITHUB_SHA }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Actor: {{ env.ACTOR }}", + "emoji": true + } + ] }, - { + { "type": "section", "text": { "type": "mrkdwn", - "text": "Build action URL:" + "text": "Github Action URL" }, "accessory": { "type": "button", "text": { "type": "plain_text", - "text": ":link: Link to Action", + "text": ":link: Click Me", "emoji": true }, - "value": "action_url", - "url": "https://github.com/{{ env.REPOSITORY }}/actions/runs/{{ env.RUN_ID }}", + "value": "github_action_url", + "url": "https://github.com/${{ env.REPOSITORY }/actions/runs/${{ env.RUN_ID }}", "action_id": "button-action" } - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Action Details:" - }, - "accessory": { - "type": "overflow", - "options": [ - { - "text": { - "type": "plain_text", - "text": "SHA: {{ github.sha }}", - "emoji": true - }, - "value": "value-0" - } - ], - "action_id": "overflow-action" - } - }, - { - "type": "divider" } ] } From b14b11aaa09c25eb3584a26dbd2a02ffe641112a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 18:15:00 -0400 Subject: [PATCH 050/141] Remove dup step ids --- .github/workflows/main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 259fa42b..89810463 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -39,7 +39,6 @@ jobs: - name: Send initial slack notification id: slack if: always() - id: slack uses: slackapi/slack-github-action@v1.24.0 with: payload-file-path: ".github/workflows/payload-slack-content.json" @@ -72,7 +71,6 @@ jobs: - name: update slack is deployment if: always() - id: slack uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} @@ -101,7 +99,6 @@ jobs: - name: update slack is deployment if: always() - id: slack uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} From ea5443ee1382773a4c17bc9939e8199574332864 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 18:51:06 -0400 Subject: [PATCH 051/141] Test GHA slack notification --- .github/workflows/main.yml | 87 +++++++++++++++----- .github/workflows/payload-slack-content.json | 16 ++-- 2 files changed, 70 insertions(+), 33 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 89810463..95947f39 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,6 +1,6 @@ name: Build SSO Dashboard and create a release in Cloud Deploy -on: +on: push: branches: - 'revamp' @@ -37,7 +37,6 @@ jobs: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} - name: Send initial slack notification - id: slack if: always() uses: slackapi/slack-github-action@v1.24.0 with: @@ -45,7 +44,6 @@ jobs: env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - DEPLOY_STATUS: Building Docker Container (In Progress) REPOSITORY: ${{ github.repository }} RUN_ID: ${{ github.run_id }} ACTOR: ${{ github.actor }} @@ -53,6 +51,34 @@ jobs: REF_NAME: ${{ github.ref_name }} WORKFLOW_NAME: ${{ github.workflow }} + - name: Update build status + id: slack + if: always() + uses: slackapi/slack-github-action@v1.24.0 + with: + update-ts: ${{ steps.slack.outputs.ts }} + payload: | + { + "text": "Docker Build started (In Progress)", + "attachments": [ + { + "pretext": "Docker Build started", + "color": "dbab09", + "fields": [ + { + "title": "Status", + "short": true, + "value": "In Progress" + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + - name: 'Build and push container' run: |- docker build \ @@ -69,23 +95,31 @@ jobs: run: |- gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} - - name: update slack is deployment + - name: Update slack starting deployment if: always() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - payload-file-path: ".github/workflows/payload-slack-content.json" + payload: | + { + "text": "Deployment started (In Progress)", + "attachments": [ + { + "pretext": "Deployment started", + "color": "dbab09", + "fields": [ + { + "title": "Status", + "short": true, + "value": "In Progress" + } + ] + } + ] + } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - DEPLOY_STATUS: Docker Container Build (Complete). Deploying (In Progress) - REPOSITORY: ${{ github.repository }} - RUN_ID: ${{ github.run_id }} - ACTOR: ${{ github.actor }} - GITHUB_SHA: ${{ github.sha }} - REF_NAME: ${{ github.ref_name }} - WORKFLOW_NAME: ${{ github.workflow }} - - name: 'Create Cloud Deploy release' uses: 'google-github-actions/create-cloud-deploy-release@v0' @@ -97,20 +131,29 @@ jobs: skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' - - name: update slack is deployment + - name: Update slack deployment complete if: always() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - payload-file-path: ".github/workflows/payload-slack-content.json" + payload: | + { + "text": "Deployment finished (Completed)", + "attachments": [ + { + "pretext": "Deployment finished", + "color": "28a745", + "fields": [ + { + "title": "Status", + "short": true, + "value": "Completed" + } + ] + } + ] + } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - DEPLOY_STATUS: Deployed to Google Deploy (Complete) - REPOSITORY: ${{ github.repository }} - RUN_ID: ${{ github.run_id }} - ACTOR: ${{ github.actor }} - GITHUB_SHA: ${{ github.sha }} - REF_NAME: ${{ github.ref_name }} - WORKFLOW_NAME: ${{ github.workflow }} diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 5e7e34b4..793b68cf 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -8,34 +8,27 @@ "emoji": true } }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "Build Name: {{ env.RELEASE_NAME }}\nStatus: {{ env.DEPLOY_STATUS }}" - } - }, { "type": "section", "fields": [ { "type": "plain_text", - "text": "Repo: {{ env.REPOSITORY }}", + "text": "Build Name: {{ env.RELEASE_NAME }}", "emoji": true }, { "type": "plain_text", - "text": "Branch/Tag: {{ env.REF_NAME }}", + "text": "Actor: {{ env.ACTOR }}", "emoji": true }, { "type": "plain_text", - "text": "SHA: {{ env.GITHUB_SHA }}", + "text": "Repo: {{ env.REPOSITORY }}", "emoji": true }, { "type": "plain_text", - "text": "Actor: {{ env.ACTOR }}", + "text": "Branch/Tag: {{ env.REF_NAME }}", "emoji": true } ] @@ -58,5 +51,6 @@ "action_id": "button-action" } } + } ] } From b7feb9df1872722ab9a82a0c473c2cc279ffa18b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 18:55:35 -0400 Subject: [PATCH 052/141] Fix json payload --- .github/workflows/main.yml | 10 +++------- .github/workflows/payload-slack-content.json | 1 - 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 95947f39..bc70da1f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,6 @@ jobs: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} - name: Send initial slack notification - if: always() uses: slackapi/slack-github-action@v1.24.0 with: payload-file-path: ".github/workflows/payload-slack-content.json" @@ -53,7 +52,7 @@ jobs: - name: Update build status id: slack - if: always() + if: success() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} @@ -62,7 +61,6 @@ jobs: "text": "Docker Build started (In Progress)", "attachments": [ { - "pretext": "Docker Build started", "color": "dbab09", "fields": [ { @@ -96,7 +94,7 @@ jobs: gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} - name: Update slack starting deployment - if: always() + if: success() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} @@ -105,7 +103,6 @@ jobs: "text": "Deployment started (In Progress)", "attachments": [ { - "pretext": "Deployment started", "color": "dbab09", "fields": [ { @@ -132,7 +129,7 @@ jobs: images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' - name: Update slack deployment complete - if: always() + if: success() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} @@ -141,7 +138,6 @@ jobs: "text": "Deployment finished (Completed)", "attachments": [ { - "pretext": "Deployment finished", "color": "28a745", "fields": [ { diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 793b68cf..6bcef5d1 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -51,6 +51,5 @@ "action_id": "button-action" } } - } ] } From 8578a371d6989f49352fdc7807b592849594c48e Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 19:11:29 -0400 Subject: [PATCH 053/141] Test slack notification --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bc70da1f..810e770f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -100,7 +100,6 @@ jobs: update-ts: ${{ steps.slack.outputs.ts }} payload: | { - "text": "Deployment started (In Progress)", "attachments": [ { "color": "dbab09", From c3a0301c01b5acdd474bf26fdc59acd211352d01 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 19:25:06 -0400 Subject: [PATCH 054/141] Move status payload to separate file --- .github/workflows/main.yml | 60 +++++---------------- .github/workflows/payload-slack-status.json | 14 +++++ 2 files changed, 27 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/payload-slack-status.json diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 810e770f..2aae9da0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -56,25 +56,14 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - payload: | - { - "text": "Docker Build started (In Progress)", - "attachments": [ - { - "color": "dbab09", - "fields": [ - { - "title": "Status", - "short": true, - "value": "In Progress" - } - ] - } - ] - } + payload-file-path: ".github/workflows/payload-slack-status.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + STATUS_COLOR: dbab09 + STATUS_TITLE: Docker Build + STATUS_VALUE: In Progress + - name: 'Build and push container' @@ -98,24 +87,13 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - payload: | - { - "attachments": [ - { - "color": "dbab09", - "fields": [ - { - "title": "Status", - "short": true, - "value": "In Progress" - } - ] - } - ] - } + payload-file-path: ".github/workflows/payload-slack-status.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + STATUS_COLOR: dbab09 + STATUS_TITLE: Deploying Docker Container + STATUS_VALUE: In Progress - name: 'Create Cloud Deploy release' uses: 'google-github-actions/create-cloud-deploy-release@v0' @@ -132,23 +110,11 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - payload: | - { - "text": "Deployment finished (Completed)", - "attachments": [ - { - "color": "28a745", - "fields": [ - { - "title": "Status", - "short": true, - "value": "Completed" - } - ] - } - ] - } + payload-file-path: ".github/workflows/payload-slack-status.json" env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + STATUS_COLOR: 28a745 + STATUS_TITLE: Deploying Docker Container + STATUS_VALUE: Completed diff --git a/.github/workflows/payload-slack-status.json b/.github/workflows/payload-slack-status.json new file mode 100644 index 00000000..7b9a19c8 --- /dev/null +++ b/.github/workflows/payload-slack-status.json @@ -0,0 +1,14 @@ +{ + "attachments": [ + { + "color": "{{ env.STATUS_COLOR }}", + "fields": [ + { + "title": "{{ env.STATUS_TITLE }}", + "short": true, + "value": "Status: {{ env.STATUS_VALUE }}" + } + ] + } + ] +} From 56180890e63752c745deb36340729f2a92b1200a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 21:06:13 -0400 Subject: [PATCH 055/141] Add failure action --- .github/workflows/main.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2aae9da0..d2349ce5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,6 +37,7 @@ jobs: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} - name: Send initial slack notification + id: slack uses: slackapi/slack-github-action@v1.24.0 with: payload-file-path: ".github/workflows/payload-slack-content.json" @@ -51,7 +52,6 @@ jobs: WORKFLOW_NAME: ${{ github.workflow }} - name: Update build status - id: slack if: success() uses: slackapi/slack-github-action@v1.24.0 with: @@ -64,8 +64,6 @@ jobs: STATUS_TITLE: Docker Build STATUS_VALUE: In Progress - - - name: 'Build and push container' run: |- docker build \ @@ -118,3 +116,16 @@ jobs: STATUS_TITLE: Deploying Docker Container STATUS_VALUE: Completed + - name: Update slack deployment failed + if: failure() + uses: slackapi/slack-github-action@v1.24.0 + with: + update-ts: ${{ steps.slack.outputs.ts }} + payload-file-path: ".github/workflows/payload-slack-status.json" + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + STATUS_COLOR: d81313 + STATUS_TITLE: Deploying Docker Container + STATUS_VALUE: Failed + From f58485dea33d1b2b5fe4b5c1370f098e2374a29a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 22:19:48 -0400 Subject: [PATCH 056/141] Clean up gha --- .github/workflows/main.yml | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d2349ce5..210606e8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,7 +16,9 @@ jobs: permissions: contents: 'read' id-token: 'write' - + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK runs-on: ubuntu-latest steps: - name: 'Checkout' @@ -34,7 +36,7 @@ jobs: - name: 'Create release name' run: |- - echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} + echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> ${GITHUB_ENV} - name: Send initial slack notification id: slack @@ -42,8 +44,6 @@ jobs: with: payload-file-path: ".github/workflows/payload-slack-content.json" env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK REPOSITORY: ${{ github.repository }} RUN_ID: ${{ github.run_id }} ACTOR: ${{ github.actor }} @@ -51,15 +51,13 @@ jobs: REF_NAME: ${{ github.ref_name }} WORKFLOW_NAME: ${{ github.workflow }} - - name: Update build status + - name: Update slack build in progress if: success() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} payload-file-path: ".github/workflows/payload-slack-status.json" env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK STATUS_COLOR: dbab09 STATUS_TITLE: Docker Build STATUS_VALUE: In Progress @@ -71,14 +69,10 @@ jobs: docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" - name: 'Render cloud deploy config manifests from templates' - run: |- - export PROJECT_ID="${{ env.PROJECT_ID }}" - export REGION="${{ env.REGION }}" - for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done + run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done - - name: 'Create Cloud Deploy delivery pipeline' - run: |- - gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} +# - name: 'Create Cloud Deploy delivery pipeline' +# run: gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} - name: Update slack starting deployment if: success() @@ -87,8 +81,6 @@ jobs: update-ts: ${{ steps.slack.outputs.ts }} payload-file-path: ".github/workflows/payload-slack-status.json" env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK STATUS_COLOR: dbab09 STATUS_TITLE: Deploying Docker Container STATUS_VALUE: In Progress @@ -110,8 +102,6 @@ jobs: update-ts: ${{ steps.slack.outputs.ts }} payload-file-path: ".github/workflows/payload-slack-status.json" env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK STATUS_COLOR: 28a745 STATUS_TITLE: Deploying Docker Container STATUS_VALUE: Completed @@ -123,8 +113,6 @@ jobs: update-ts: ${{ steps.slack.outputs.ts }} payload-file-path: ".github/workflows/payload-slack-status.json" env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK STATUS_COLOR: d81313 STATUS_TITLE: Deploying Docker Container STATUS_VALUE: Failed From 8021218637e459e9edfbd565940d5f9c62138b5e Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 22:25:43 -0400 Subject: [PATCH 057/141] Add buildname to status payloads --- .github/workflows/payload-slack-status.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/payload-slack-status.json b/.github/workflows/payload-slack-status.json index 7b9a19c8..f4ba3794 100644 --- a/.github/workflows/payload-slack-status.json +++ b/.github/workflows/payload-slack-status.json @@ -4,7 +4,7 @@ "color": "{{ env.STATUS_COLOR }}", "fields": [ { - "title": "{{ env.STATUS_TITLE }}", + "title": "[{{ env.RELEASE_NAME }}] {{ env.STATUS_TITLE }}", "short": true, "value": "Status: {{ env.STATUS_VALUE }}" } From 18321a587492a50f923fcde3f77d604e320144d3 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 22:31:00 -0400 Subject: [PATCH 058/141] Adjust status payload formatting --- .github/workflows/payload-slack-status.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/payload-slack-status.json b/.github/workflows/payload-slack-status.json index f4ba3794..0aa65bb9 100644 --- a/.github/workflows/payload-slack-status.json +++ b/.github/workflows/payload-slack-status.json @@ -4,7 +4,7 @@ "color": "{{ env.STATUS_COLOR }}", "fields": [ { - "title": "[{{ env.RELEASE_NAME }}] {{ env.STATUS_TITLE }}", + "title": "[{{ env.RELEASE_NAME }}]\n{{ env.STATUS_TITLE }}", "short": true, "value": "Status: {{ env.STATUS_VALUE }}" } From a7143638fea50f0ef0310a6788927ab2c8c9836d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 22:51:22 -0400 Subject: [PATCH 059/141] Adjust status payload formatting --- .github/workflows/payload-slack-status.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/payload-slack-status.json b/.github/workflows/payload-slack-status.json index 0aa65bb9..5f45458a 100644 --- a/.github/workflows/payload-slack-status.json +++ b/.github/workflows/payload-slack-status.json @@ -4,9 +4,9 @@ "color": "{{ env.STATUS_COLOR }}", "fields": [ { - "title": "[{{ env.RELEASE_NAME }}]\n{{ env.STATUS_TITLE }}", + "title": "{{ env.STATUS_TITLE }}", "short": true, - "value": "Status: {{ env.STATUS_VALUE }}" + "value": "[{{ env.RELEASE_NAME }}]\nStatus: {{ env.STATUS_VALUE }}" } ] } From ba95071650cb65006844502e986fcd4fcc8bc17b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 23:15:52 -0400 Subject: [PATCH 060/141] fix action link in payload --- .github/workflows/payload-slack-content.json | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 6bcef5d1..08f6e9f2 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -37,18 +37,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "Github Action URL" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": ":link: Click Me", - "emoji": true - }, - "value": "github_action_url", - "url": "https://github.com/${{ env.REPOSITORY }/actions/runs/${{ env.RUN_ID }}", - "action_id": "button-action" + "text": "" } } ] From 11ec6ba8e37ea214ddebd30886ec99c86e563079 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 1 Jun 2023 23:19:02 -0400 Subject: [PATCH 061/141] fix action link in payload --- .github/workflows/payload-slack-content.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 08f6e9f2..092ab549 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -37,7 +37,7 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "" + "text": "" } } ] From 30d8f79bf88892b29c09073f57c8a618cc192734 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 2 Jun 2023 16:27:00 -0400 Subject: [PATCH 062/141] Use OAuth token with gha slack app --- .github/workflows/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 210606e8..9311e9b8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,6 +10,7 @@ env: GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 + CHANNEL_IDS: C05AMLCL4JX,G01AC4VU4UV jobs: deploy: @@ -17,8 +18,7 @@ jobs: contents: 'read' id-token: 'write' env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} runs-on: ubuntu-latest steps: - name: 'Checkout' @@ -42,6 +42,7 @@ jobs: id: slack uses: slackapi/slack-github-action@v1.24.0 with: + channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: REPOSITORY: ${{ github.repository }} @@ -56,6 +57,7 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} + channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: dbab09 @@ -71,14 +73,12 @@ jobs: - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done -# - name: 'Create Cloud Deploy delivery pipeline' -# run: gcloud deploy apply --file clouddeploy/clouddeploy.yaml --region ${{ env.GAR_LOCATION }} - - name: Update slack starting deployment if: success() uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} + channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: dbab09 @@ -100,6 +100,7 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} + channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: 28a745 @@ -111,6 +112,7 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} + channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: d81313 From cffa370c62ba76ec0a7ab7cc5cf3ed98b788b2e6 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 2 Jun 2023 16:54:14 -0400 Subject: [PATCH 063/141] Fix slack id in gha step --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9311e9b8..bbeec409 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -39,7 +39,6 @@ jobs: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> ${GITHUB_ENV} - name: Send initial slack notification - id: slack uses: slackapi/slack-github-action@v1.24.0 with: channel-id: ${{ env.CHANNEL_IDS }} @@ -54,6 +53,7 @@ jobs: - name: Update slack build in progress if: success() + id: slack uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} From df813767d43cf1c3dc38b5979f1b172ffbf35aec Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 2 Jun 2023 17:00:24 -0400 Subject: [PATCH 064/141] Fix slack id in gha step --- .github/workflows/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bbeec409..ba4ea11d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -75,6 +75,7 @@ jobs: - name: Update slack starting deployment if: success() + id: slack-deploy uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} @@ -99,7 +100,7 @@ jobs: if: success() uses: slackapi/slack-github-action@v1.24.0 with: - update-ts: ${{ steps.slack.outputs.ts }} + update-ts: ${{ steps.slack-deploy.outputs.ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: From af0953eb76fe2158f30bed8e4aa1c8481fbd67e4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 2 Jun 2023 17:08:11 -0400 Subject: [PATCH 065/141] Rework gha slack notifications --- .github/workflows/main.yml | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ba4ea11d..69fdc663 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Build SSO Dashboard and create a release in Cloud Deploy +name: Build and Deploy SSO Dashboard on: push: @@ -61,7 +61,7 @@ jobs: payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Docker Build + STATUS_TITLE: Building and deploying SSO Dashboard STATUS_VALUE: In Progress - name: 'Build and push container' @@ -73,19 +73,6 @@ jobs: - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done - - name: Update slack starting deployment - if: success() - id: slack-deploy - uses: slackapi/slack-github-action@v1.24.0 - with: - update-ts: ${{ steps.slack.outputs.ts }} - channel-id: ${{ env.CHANNEL_IDS }} - payload-file-path: ".github/workflows/payload-slack-status.json" - env: - STATUS_COLOR: dbab09 - STATUS_TITLE: Deploying Docker Container - STATUS_VALUE: In Progress - - name: 'Create Cloud Deploy release' uses: 'google-github-actions/create-cloud-deploy-release@v0' with: @@ -100,12 +87,12 @@ jobs: if: success() uses: slackapi/slack-github-action@v1.24.0 with: - update-ts: ${{ steps.slack-deploy.outputs.ts }} + update-ts: ${{ steps.slack.outputs.ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: 28a745 - STATUS_TITLE: Deploying Docker Container + STATUS_TITLE: Building and Deploying Docker Container STATUS_VALUE: Completed - name: Update slack deployment failed @@ -117,6 +104,6 @@ jobs: payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: d81313 - STATUS_TITLE: Deploying Docker Container + STATUS_TITLE: Building and Deploying Docker Container STATUS_VALUE: Failed From 6df8d7cb037fc624ccce5653dbe1cfb6417f2200 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 2 Jun 2023 17:15:02 -0400 Subject: [PATCH 066/141] Rework gha slack notifications --- .github/workflows/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 69fdc663..2cad61d6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -88,7 +88,6 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: 28a745 @@ -100,7 +99,6 @@ jobs: uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ steps.slack.outputs.ts }} - channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-status.json" env: STATUS_COLOR: d81313 From a38b3843b4ebfef24ca6bee2b100f75afe07ff7c Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 7 Jun 2023 13:49:15 -0400 Subject: [PATCH 067/141] Put channel ids back in and remove multiple channels --- .github/workflows/.main.yml.swp | Bin 0 -> 20480 bytes .github/workflows/main.yml | 6 +++--- .github/workflows/payload-slack-status.json | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/.main.yml.swp diff --git a/.github/workflows/.main.yml.swp b/.github/workflows/.main.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..774beefb4068b1acda61929aeec4949ed57c4f82 GIT binary patch literal 20480 zcmeI2OKc=Z8ONI}IB&v3yp&6=v(Y#UJ!7xEBpFE9@wn}s?0CkRhc|(sp{BcLrgwU} zTU|Xi-o@b|gv1gF@sLo&Gr53-$bk!-;D87ckidlmB_R?>AZ|q5B5~kf-PJukV>{Z7 zNFtGH>F05GJ-X^&RbPG8Ro%ty$|kuxzo_AQho=4U6Bn&(pZSmW;^UfjVV8zO+vOtY zm98}!4EewdSl;nW>KqyM;UvR?#dZoK@1pHERJZAmN;z(vpnb+7<(;5c|6m;?WMyQV!0o(7MChXDs42OkEf!3V$``18%0_FM2J zV1PBS0G_=`)1Co81&@OTkOME@sA*4vpM$S}kAYL*7VNHbErG0fqC$kw`tlRz++$+ z+z)OA|G-BP3O)svz^&k)_+auJ_#t=*)WITn2_Isf22X(>fXm=KsDSr^-{Hf|FOrWl z8j%-scZ%r^AwJ!6JZkAZ+hMv-!$FbEA3Ri%#NrM$hdK{wIOh2a+;itMS&e;*hD;B6 zk({`6iSUs5JRhaVd*jd_hddv0vcI1u*~Qt7Nm<66A!QVw`gS3HReZcdr)Fq-?wOsX z{HYb3KOyq6dqvWtwlfac!X5IdPFy--MbeH+6X!=P<~!crh`C`DpIKU(2O-T?snu?F zwoBEvQ6yz=)>rsq=~y&o)0J@V__w01CtQavvq zA;ZW+{=|04i3Nv~tl%f}NpK|j9Umc!Y3X7A3?~{8ocemf3Ke-W0FZNQ%I|9b!m6;?lkzdv&!axx-N5c+luE&VcN=POSPI& zh0SVWB&UTSj$F-tk)4%a5}2AuFbQhseEILo+(19+!FI|#^}SZfZ>@^ywR?q8Kz>P8+UAL zCYrHTZ&r}sgVRx&?{OQM?q#F@4?2?=Bye92I9*rKn+`MdSK)3Y7PAS12@`FHHg%+X z<$9srvrQ^yy@_EbgqZ`6%xCARbTW@;A^pUqOyd>r+@CxU?NDoPt{RP*hox4_*xYLE z&y#zFp_l26+V*7J9AS6ld?cr!$WP3eoG4L0o(JeS9LQM!zNPduqK+d*>nmG#+2Ino za?&ppS!Uh__ksmGw#howG`+DK${Ct7OtSEl&sWwvO{1}0DI1+qxm<78TIf-^to;(> zM)>aNo9G#Kh}k~yc5o9Mk{7(9?aG?b5SgSy;;%v>$p{!1` zS}LFGtkzqdR{fk&i-%<*=S-j+@tJXHTYBgXnQ+>613P3%q2#y|z9_sID}L;=U}STS z-p)nAVo#{3UGTcN$AgSH$AV(IquE<_aToottzN`P?$>zq9kuSK;&8gc2O*gJIO#|7^O)P?ddjI?2dteM0sDj^PuYLopgKNNL?9qQ2d=k7L+yGv{{=C?)e*|oUgXIfY%BFDHrENc;!_s!Zew(oQ5~HlI8dgJ&ZS4w)X}*s YI_0U3&LtlZ4m;8u8yIn Date: Wed, 7 Jun 2023 14:03:00 -0400 Subject: [PATCH 068/141] remove swp file and add manual trigger for gha --- .github/workflows/.main.yml.swp | Bin 20480 -> 0 bytes .github/workflows/main.yml | 3 ++- 2 files changed, 2 insertions(+), 1 deletion(-) delete mode 100644 .github/workflows/.main.yml.swp diff --git a/.github/workflows/.main.yml.swp b/.github/workflows/.main.yml.swp deleted file mode 100644 index 774beefb4068b1acda61929aeec4949ed57c4f82..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeI2OKc=Z8ONI}IB&v3yp&6=v(Y#UJ!7xEBpFE9@wn}s?0CkRhc|(sp{BcLrgwU} zTU|Xi-o@b|gv1gF@sLo&Gr53-$bk!-;D87ckidlmB_R?>AZ|q5B5~kf-PJukV>{Z7 zNFtGH>F05GJ-X^&RbPG8Ro%ty$|kuxzo_AQho=4U6Bn&(pZSmW;^UfjVV8zO+vOtY zm98}!4EewdSl;nW>KqyM;UvR?#dZoK@1pHERJZAmN;z(vpnb+7<(;5c|6m;?WMyQV!0o(7MChXDs42OkEf!3V$``18%0_FM2J zV1PBS0G_=`)1Co81&@OTkOME@sA*4vpM$S}kAYL*7VNHbErG0fqC$kw`tlRz++$+ z+z)OA|G-BP3O)svz^&k)_+auJ_#t=*)WITn2_Isf22X(>fXm=KsDSr^-{Hf|FOrWl z8j%-scZ%r^AwJ!6JZkAZ+hMv-!$FbEA3Ri%#NrM$hdK{wIOh2a+;itMS&e;*hD;B6 zk({`6iSUs5JRhaVd*jd_hddv0vcI1u*~Qt7Nm<66A!QVw`gS3HReZcdr)Fq-?wOsX z{HYb3KOyq6dqvWtwlfac!X5IdPFy--MbeH+6X!=P<~!crh`C`DpIKU(2O-T?snu?F zwoBEvQ6yz=)>rsq=~y&o)0J@V__w01CtQavvq zA;ZW+{=|04i3Nv~tl%f}NpK|j9Umc!Y3X7A3?~{8ocemf3Ke-W0FZNQ%I|9b!m6;?lkzdv&!axx-N5c+luE&VcN=POSPI& zh0SVWB&UTSj$F-tk)4%a5}2AuFbQhseEILo+(19+!FI|#^}SZfZ>@^ywR?q8Kz>P8+UAL zCYrHTZ&r}sgVRx&?{OQM?q#F@4?2?=Bye92I9*rKn+`MdSK)3Y7PAS12@`FHHg%+X z<$9srvrQ^yy@_EbgqZ`6%xCARbTW@;A^pUqOyd>r+@CxU?NDoPt{RP*hox4_*xYLE z&y#zFp_l26+V*7J9AS6ld?cr!$WP3eoG4L0o(JeS9LQM!zNPduqK+d*>nmG#+2Ino za?&ppS!Uh__ksmGw#howG`+DK${Ct7OtSEl&sWwvO{1}0DI1+qxm<78TIf-^to;(> zM)>aNo9G#Kh}k~yc5o9Mk{7(9?aG?b5SgSy;;%v>$p{!1` zS}LFGtkzqdR{fk&i-%<*=S-j+@tJXHTYBgXnQ+>613P3%q2#y|z9_sID}L;=U}STS z-p)nAVo#{3UGTcN$AgSH$AV(IquE<_aToottzN`P?$>zq9kuSK;&8gc2O*gJIO#|7^O)P?ddjI?2dteM0sDj^PuYLopgKNNL?9qQ2d=k7L+yGv{{=C?)e*|oUgXIfY%BFDHrENc;!_s!Zew(oQ5~HlI8dgJ&ZS4w)X}*s YI_0U3&LtlZ4m;8u8yIn Date: Wed, 7 Jun 2023 15:31:18 -0400 Subject: [PATCH 069/141] Test color of block kit --- .github/workflows/payload-slack-content.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 092ab549..678ba3c1 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -1,4 +1,5 @@ { + "color": "dbab09", "blocks": [ { "type": "header", From e627c315226d381f6c7801a634ce303bfc629779 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 7 Jun 2023 15:38:25 -0400 Subject: [PATCH 070/141] Test slack attachment --- .github/workflows/payload-slack-content.json | 89 +++++++++++--------- 1 file changed, 47 insertions(+), 42 deletions(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 678ba3c1..460521ef 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -1,45 +1,50 @@ { - "color": "dbab09", - "blocks": [ - { - "type": "header", - "text": { - "type": "plain_text", - "text": ":link-run: Github Action Notification :link-run:\n{{ env.WORKFLOW_NAME }}", - "emoji": true - } - }, + "text": "test", + "attachments": [ { - "type": "section", - "fields": [ - { - "type": "plain_text", - "text": "Build Name: {{ env.RELEASE_NAME }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "Actor: {{ env.ACTOR }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "Repo: {{ env.REPOSITORY }}", - "emoji": true - }, - { - "type": "plain_text", - "text": "Branch/Tag: {{ env.REF_NAME }}", - "emoji": true - } - ] - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "" - } - } - ] + "color": "dbab09", + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": ":link-run: Github Action Notification :link-run:\n{{ env.WORKFLOW_NAME }}", + "emoji": true + } + }, + { + "type": "section", + "fields": [ + { + "type": "plain_text", + "text": "Build Name: {{ env.RELEASE_NAME }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Actor: {{ env.ACTOR }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Repo: {{ env.REPOSITORY }}", + "emoji": true + }, + { + "type": "plain_text", + "text": "Branch/Tag: {{ env.REF_NAME }}", + "emoji": true + } + ] + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "" + } + } + ] + } + ] } From c776e176db61182eae3643823764d9480ea81a96 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 7 Jun 2023 15:54:58 -0400 Subject: [PATCH 071/141] Test updating main slack msg --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7fcb850b..f04c7c2f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,7 +11,7 @@ env: GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 - CHANNEL_IDS: C05AMLCL4JX + CHANNEL_IDS: G01AC4VU4UV jobs: deploy: @@ -41,6 +41,7 @@ jobs: - name: Send initial slack notification uses: slackapi/slack-github-action@v1.24.0 + id: slack with: channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" @@ -53,7 +54,6 @@ jobs: - name: Update slack build in progress if: success() - id: slack uses: slackapi/slack-github-action@v1.24.0 with: channel-id: ${{ env.CHANNEL_IDS }} From a110aa7c79d0065d73be9451a0c8702f798ac92a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 16:54:43 -0400 Subject: [PATCH 072/141] Rework slack noitfiations --- .github/workflows/main.yml | 29 ++++++++++---------- .github/workflows/payload-slack-content.json | 23 ++++++++++------ 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f04c7c2f..5f78f487 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -46,29 +46,28 @@ jobs: channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: - REPOSITORY: ${{ github.repository }} - ACTOR: ${{ github.actor }} - GITHUB_SHA: ${{ github.sha }} - REF_NAME: ${{ github.ref_name }} - WORKFLOW_NAME: ${{ github.workflow }} + STATUS_COLOR: dbab09 + STATUS_TITLE: Building SSO Dashboard Docker Image + STATUS_VALUE: In Progress + + - name: 'Build and push container' + run: |- + docker build \ + -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . + docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" - name: Update slack build in progress if: success() uses: slackapi/slack-github-action@v1.24.0 with: + update-ts: ${{ steps.slack.outputs.ts }} channel-id: ${{ env.CHANNEL_IDS }} - payload-file-path: ".github/workflows/payload-slack-status.json" + payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Building and deploying SSO Dashboard + STATUS_TITLE: Sending to Cloud Deploy STATUS_VALUE: In Progress - - name: 'Build and push container' - run: |- - docker build \ - -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . - docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" - - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -88,7 +87,7 @@ jobs: with: update-ts: ${{ steps.slack.outputs.ts }} channel-id: ${{ env.CHANNEL_IDS }} - payload-file-path: ".github/workflows/payload-slack-status.json" + payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: 28a745 STATUS_TITLE: Building and Deploying Docker Container @@ -100,7 +99,7 @@ jobs: with: update-ts: ${{ steps.slack.outputs.ts }} channel-id: ${{ env.CHANNEL_IDS }} - payload-file-path: ".github/workflows/payload-slack-status.json" + payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: d81313 STATUS_TITLE: Building and Deploying Docker Container diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 460521ef..0d13a55b 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -1,14 +1,14 @@ { - "text": "test", + "text": "", "attachments": [ { - "color": "dbab09", + "color": "{{ env.STATUS_COLOR }}", "blocks": [ { "type": "header", "text": { "type": "plain_text", - "text": ":link-run: Github Action Notification :link-run:\n{{ env.WORKFLOW_NAME }}", + "text": ":link-run: Github Action Notification :link-run:\n{{ github.workflow }}", "emoji": true } }, @@ -17,22 +17,22 @@ "fields": [ { "type": "plain_text", - "text": "Build Name: {{ env.RELEASE_NAME }}", + "text": "{{ env.RELEASE_NAME }}", "emoji": true }, { "type": "plain_text", - "text": "Actor: {{ env.ACTOR }}", + "text": "{{ github.actor }}", "emoji": true }, { "type": "plain_text", - "text": "Repo: {{ env.REPOSITORY }}", + "text": "{{ github.repository }}", "emoji": true }, { "type": "plain_text", - "text": "Branch/Tag: {{ env.REF_NAME }}", + "text": "{{ github.ref_name }}", "emoji": true } ] @@ -41,7 +41,14 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "" + "text": "" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Action: {{ env.STATUS_TITLE }} Status: {{ env.STATUS_VALUE }}" } } ] From 0e50c3c66d63f176a515256a42a666e56d70d83b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 17:03:14 -0400 Subject: [PATCH 073/141] Fix env vars in GHA slack notif --- .github/workflows/payload-slack-content.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 0d13a55b..fe2c8f61 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -22,17 +22,17 @@ }, { "type": "plain_text", - "text": "{{ github.actor }}", + "text": "{{ env.GITHUB_ACTOR }}", "emoji": true }, { "type": "plain_text", - "text": "{{ github.repository }}", + "text": "{{ env.GITHUB_REPOSITORY }}", "emoji": true }, { "type": "plain_text", - "text": "{{ github.ref_name }}", + "text": "{{ env.GITHUB_REF_NAME }}", "emoji": true } ] @@ -41,14 +41,14 @@ "type": "section", "text": { "type": "mrkdwn", - "text": "" + "text": "" } }, { "type": "section", "text": { "type": "mrkdwn", - "text": "Action: {{ env.STATUS_TITLE }} Status: {{ env.STATUS_VALUE }}" + "text": "{{ env.STATUS_TITLE }} (__{{ env.STATUS_VALUE }}__)" } } ] From 23671df18d4db07db22c81a23c6478186a529da8 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 17:45:02 -0400 Subject: [PATCH 074/141] add slack context in gha --- .github/workflows/main.yml | 8 ++++---- .github/workflows/payload-slack-content.json | 18 ++++++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5f78f487..56980d99 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -48,7 +48,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Building SSO Dashboard Docker Image - STATUS_VALUE: In Progress + STATUS_VALUE: Running :link-run: - name: 'Build and push container' run: |- @@ -66,7 +66,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Sending to Cloud Deploy - STATUS_VALUE: In Progress + STATUS_VALUE: Running :link-run: - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -91,7 +91,7 @@ jobs: env: STATUS_COLOR: 28a745 STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: Completed + STATUS_VALUE: Completed :link-love: - name: Update slack deployment failed if: failure() @@ -103,5 +103,5 @@ jobs: env: STATUS_COLOR: d81313 STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: Failed + STATUS_VALUE: Failed :skull_and_crossbones: diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index fe2c8f61..f49663d0 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -8,7 +8,7 @@ "type": "header", "text": { "type": "plain_text", - "text": ":link-run: Github Action Notification :link-run:\n{{ github.workflow }}", + "text": ":link-wut: Github Action Notification :link-wut:\n{{ github.workflow }}", "emoji": true } }, @@ -45,11 +45,17 @@ } }, { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "{{ env.STATUS_TITLE }} (__{{ env.STATUS_VALUE }}__)" - } + "type": "context", + "elements": [ + { + "type": "mrkdwn", + "text": "Action: *{{ env.STATUS_TITLE }}*" + }, + { + "type": "mrkdwn", + "text": "Status: *{{ env.STATUS_VALUE }}*" + } + ] } ] } From 852be226b80d48197d81829298312b632f464a03 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 17:48:04 -0400 Subject: [PATCH 075/141] Fix quotes --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 56980d99..6aa08208 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -48,7 +48,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Building SSO Dashboard Docker Image - STATUS_VALUE: Running :link-run: + STATUS_VALUE: 'Running :link-run:' - name: 'Build and push container' run: |- @@ -66,7 +66,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Sending to Cloud Deploy - STATUS_VALUE: Running :link-run: + STATUS_VALUE: 'Running :link-run:' - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -91,7 +91,7 @@ jobs: env: STATUS_COLOR: 28a745 STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: Completed :link-love: + STATUS_VALUE: 'Completed :link-love:' - name: Update slack deployment failed if: failure() @@ -103,5 +103,5 @@ jobs: env: STATUS_COLOR: d81313 STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: Failed :skull_and_crossbones: + STATUS_VALUE: 'Failed :skull_and_crossbones:' From 58edc52a8709c64d7e5526535aa9c8fa272e2aa3 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 17:57:54 -0400 Subject: [PATCH 076/141] Fix emojis --- .github/workflows/main.yml | 12 ++++++------ .github/workflows/payload-slack-content.json | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6aa08208..dbe6a53e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -48,7 +48,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Building SSO Dashboard Docker Image - STATUS_VALUE: 'Running :link-run:' + STATUS_VALUE: ':link-run: *Running* :link-run:' - name: 'Build and push container' run: |- @@ -66,7 +66,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Sending to Cloud Deploy - STATUS_VALUE: 'Running :link-run:' + STATUS_VALUE: ':link-run: *Running* :link-run:' - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -90,8 +90,8 @@ jobs: payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: 28a745 - STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: 'Completed :link-love:' + STATUS_TITLE: Building and Deploy + STATUS_VALUE: ':link-love *Completed* :link-love:' - name: Update slack deployment failed if: failure() @@ -102,6 +102,6 @@ jobs: payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: d81313 - STATUS_TITLE: Building and Deploying Docker Container - STATUS_VALUE: 'Failed :skull_and_crossbones:' + STATUS_TITLE: Building and Deploy + STATUS_VALUE: ':skull_and_crossbones: *Failed* :skull_and_crossbones:' diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index f49663d0..861eb80d 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -49,11 +49,11 @@ "elements": [ { "type": "mrkdwn", - "text": "Action: *{{ env.STATUS_TITLE }}*" + "text": "Action: {{ env.STATUS_TITLE }}" }, { "type": "mrkdwn", - "text": "Status: *{{ env.STATUS_VALUE }}*" + "text": "Status: {{ env.STATUS_VALUE }}" } ] } From f9c58203ccb3153a22112fe9e5b44401fe5ae475 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 18:03:06 -0400 Subject: [PATCH 077/141] Changes emoji --- .github/workflows/main.yml | 2 +- .github/workflows/payload-slack-content.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dbe6a53e..feaf5c2b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -91,7 +91,7 @@ jobs: env: STATUS_COLOR: 28a745 STATUS_TITLE: Building and Deploy - STATUS_VALUE: ':link-love *Completed* :link-love:' + STATUS_VALUE: ':link-zelda: *Completed* :link-zelda:' - name: Update slack deployment failed if: failure() diff --git a/.github/workflows/payload-slack-content.json b/.github/workflows/payload-slack-content.json index 861eb80d..47afa4e5 100644 --- a/.github/workflows/payload-slack-content.json +++ b/.github/workflows/payload-slack-content.json @@ -49,7 +49,7 @@ "elements": [ { "type": "mrkdwn", - "text": "Action: {{ env.STATUS_TITLE }}" + "text": "Action: *{{ env.STATUS_TITLE }}*" }, { "type": "mrkdwn", From 78be3d66effd0a4adcd5982e3892f991e0d94a07 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 18:07:25 -0400 Subject: [PATCH 078/141] More emoji tweaking --- .github/workflows/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index feaf5c2b..b267e80f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -47,8 +47,8 @@ jobs: payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Building SSO Dashboard Docker Image - STATUS_VALUE: ':link-run: *Running* :link-run:' + STATUS_TITLE: Building Docker Image + STATUS_VALUE: ':link-run: *Running*' - name: 'Build and push container' run: |- @@ -66,7 +66,7 @@ jobs: env: STATUS_COLOR: dbab09 STATUS_TITLE: Sending to Cloud Deploy - STATUS_VALUE: ':link-run: *Running* :link-run:' + STATUS_VALUE: ':link-run: *Running*' - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -91,7 +91,7 @@ jobs: env: STATUS_COLOR: 28a745 STATUS_TITLE: Building and Deploy - STATUS_VALUE: ':link-zelda: *Completed* :link-zelda:' + STATUS_VALUE: ':link-zelda: *Completed*' - name: Update slack deployment failed if: failure() @@ -103,5 +103,5 @@ jobs: env: STATUS_COLOR: d81313 STATUS_TITLE: Building and Deploy - STATUS_VALUE: ':skull_and_crossbones: *Failed* :skull_and_crossbones:' + STATUS_VALUE: ':skull_and_crossbones: *Failed*' From 201aeed45b1fee2c1058d5d9f625d7d06577fe40 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 18:27:45 -0400 Subject: [PATCH 079/141] Add final step to deploy gha to view pipeline --- .github/workflows/main.yml | 7 ++++++ .github/workflows/payload-slack-deploy.json | 25 +++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 .github/workflows/payload-slack-deploy.json diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b267e80f..05e2b770 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -93,6 +93,13 @@ jobs: STATUS_TITLE: Building and Deploy STATUS_VALUE: ':link-zelda: *Completed*' + - name: Update slack deployment ready for promotion + if: success() + uses: slackapi/slack-github-action@v1.24.0 + with: + channel-id: ${{ env.CHANNEL_IDS }} + payload-file-path: ".github/workflows/payload-slack-deploy.json" + - name: Update slack deployment failed if: failure() uses: slackapi/slack-github-action@v1.24.0 diff --git a/.github/workflows/payload-slack-deploy.json b/.github/workflows/payload-slack-deploy.json new file mode 100644 index 00000000..90884f27 --- /dev/null +++ b/.github/workflows/payload-slack-deploy.json @@ -0,0 +1,25 @@ +{ + "text": "{{ env.RELEASE_NAME }} Ready for Promotion", + "attachments": [ + { + "color": "28a745", + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": ":rocket: SSO Dashboard ({{ env.RELEASE_NAME }}) is ready for Promotion", + "emoji": true + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": ":link: |Click here to view deploy pipeline" + } + } + ] + } + ] +} From 3197ee7054e58175c6949912be19f96e488bd7bc Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 18:36:40 -0400 Subject: [PATCH 080/141] Fix markdown --- .github/workflows/payload-slack-deploy.json | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/payload-slack-deploy.json b/.github/workflows/payload-slack-deploy.json index 90884f27..cf055c0c 100644 --- a/.github/workflows/payload-slack-deploy.json +++ b/.github/workflows/payload-slack-deploy.json @@ -1,5 +1,5 @@ { - "text": "{{ env.RELEASE_NAME }} Ready for Promotion", + "text": "", "attachments": [ { "color": "28a745", @@ -8,7 +8,7 @@ "type": "header", "text": { "type": "plain_text", - "text": ":rocket: SSO Dashboard ({{ env.RELEASE_NAME }}) is ready for Promotion", + "text": ":rocket: SSO Dashboard is ready for Promotion", "emoji": true } }, @@ -16,7 +16,22 @@ "type": "section", "text": { "type": "mrkdwn", - "text": ":link: |Click here to view deploy pipeline" + "text": ":link: " + } + }, + + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Build: *{{ env.RELEASE_NAME }}*" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": ":link: " } } ] From b514f72891c07aa6b7bc80a5bc404c509eb659c5 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Thu, 8 Jun 2023 18:40:55 -0400 Subject: [PATCH 081/141] Remove extra section --- .github/workflows/payload-slack-deploy.json | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/payload-slack-deploy.json b/.github/workflows/payload-slack-deploy.json index cf055c0c..842c40c6 100644 --- a/.github/workflows/payload-slack-deploy.json +++ b/.github/workflows/payload-slack-deploy.json @@ -12,14 +12,6 @@ "emoji": true } }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":link: " - } - }, - { "type": "section", "text": { From c108aac467b6b60938b5ed4349f40c09eca74207 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 9 Jun 2023 15:25:49 -0400 Subject: [PATCH 082/141] Add dev to deploy pipeline --- clouddeploy/clouddeploy.template.yaml | 51 -------- clouddeploy/skaffold.template.yaml | 4 + clouddeploy/sso-dashboard-dev.template.yaml | 109 ++++++++++++++++++ .../sso-dashboard-staging.template.yaml | 20 ++-- 4 files changed, 123 insertions(+), 61 deletions(-) delete mode 100644 clouddeploy/clouddeploy.template.yaml create mode 100644 clouddeploy/sso-dashboard-dev.template.yaml diff --git a/clouddeploy/clouddeploy.template.yaml b/clouddeploy/clouddeploy.template.yaml deleted file mode 100644 index 6ae23e72..00000000 --- a/clouddeploy/clouddeploy.template.yaml +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: deploy.cloud.google.com/v1 -kind: DeliveryPipeline -metadata: - name: 'sso-dashboard' -description: 'Deployment pipeline for sso-dashboard' -serialPipeline: - stages: - - targetId: 'staging' - profiles: ['staging'] - - targetId: 'prod' - profiles: ['prod'] ---- -apiVersion: deploy.cloud.google.com/v1 -kind: Target -metadata: - name: 'staging' -description: 'Staging target' -run: - location: 'projects/${PROJECT_ID}/locations/${REGION}' -executionConfigs: -- usages: - - RENDER - - DEPLOY - serviceAccount: sso-dashboard-staging@iam-auth0.iam.gserviceaccount.com ---- -apiVersion: deploy.cloud.google.com/v1 -kind: Target -metadata: - name: 'prod' -description: 'Production target' -run: - location: 'projects/${PROJECT_ID}/locations/${REGION}' -executionConfigs: -- usages: - - RENDER - - DEPLOY - serviceAccount: sso-dashboard-prod@iam-auth0.iam.gserviceaccount.com diff --git a/clouddeploy/skaffold.template.yaml b/clouddeploy/skaffold.template.yaml index 2a28ca1c..92a45497 100644 --- a/clouddeploy/skaffold.template.yaml +++ b/clouddeploy/skaffold.template.yaml @@ -19,6 +19,10 @@ metadata: deploy: cloudrun: {} profiles: + - name: 'dev' + manifests: + rawYaml: + - 'sso-dashboard-dev.yaml' - name: 'staging' manifests: rawYaml: diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml new file mode 100644 index 00000000..d82e426b --- /dev/null +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -0,0 +1,109 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: 'sso-dashboard-staging' +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/maxScale: '1' + spec: + containers: + - name: 'sso-dashboard' + image: 'app' + command: + - gunicorn + - 'dashboard.app:app' + args: + - '--worker-class' + - gevent + - '--bind' + - '0.0.0.0:8000' + - '--workers=2' + - '--log-level=debug' + ports: + - name: http1 + containerPort: 8000 + env: + - name: 'TARGET' + value: 'Staging' + - name: SSO-DASHBOARD_DEBUG + value: False + - name: SSO-DASHBOARD_TESTING + value: False + - name: SSO-DASHBOARD_CSRF_ENABLED + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION + value: True + - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME + value: 86400 + - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY + value: True + - name: SSO-DASHBOARD_LOGGER_NAME + value: sso-dashboard + - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME + value: https + - name: SSO-DASHBOARD_OIDC_CLIENT_ID + value: 2KNOUCxN8AFnGGjDCGtqiDIzq8MKXi2h + - name: SSO-DASHBOARD_OIDC_DOMAIN + value: dev.mozilla-dev.auth0.com + - name: SSO-DASHBOARD_SERVER_NAME + value: sso.allizom.org + - name: SSO-DASHBOARD_CDN + value: https://cdn.sso.mozilla.com + - name: SSO-DASHBOARD_S3_BUCKET + value: sso-dashboard.configuration + - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY + value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: AWS_DEFAULT_REGION + value: us-west-2 + - name: ENVIRONMENT + value: Staging + - name: MOZILLIANS_API_URL + value: https://mozillians.org/api/v2/users/ + - name: DASHBOARD_GUNICORN_WORKERS + value: 2 + - name: FLASK_DEBUG + value: False + - name: DEBUG + value: False + - name: LANG + value: en_US.utf8 + - name: FLASK_APP + value: dashboard/app.py + - name: OIDC_REDIRECT_URI + value: https://sso.allizom.org/redirect_uri + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-secret-access-key + - name: SSO-DASHBOARD_SECRET_KEY + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-dev-secret-key + - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-dev-oidc-client-secret + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: latest + name: sso-dashboard-aws-access-key-id diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index d82e426b..fa1d5400 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -15,7 +15,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: 'sso-dashboard-staging' + name: 'sso-dashboard-prod' spec: template: metadata: @@ -39,8 +39,8 @@ spec: - name: http1 containerPort: 8000 env: - - name: 'TARGET' - value: 'Staging' + - name: TARGET + value: Prod - name: SSO-DASHBOARD_DEBUG value: False - name: SSO-DASHBOARD_TESTING @@ -58,11 +58,11 @@ spec: - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME value: https - name: SSO-DASHBOARD_OIDC_CLIENT_ID - value: 2KNOUCxN8AFnGGjDCGtqiDIzq8MKXi2h + value: UCOY390lYDxgj5rU8EeXRtN6EP005k7V - name: SSO-DASHBOARD_OIDC_DOMAIN - value: dev.mozilla-dev.auth0.com + value: auth.mozilla.auth0.com - name: SSO-DASHBOARD_SERVER_NAME - value: sso.allizom.org + value: staging.sso.mozilla.com - name: SSO-DASHBOARD_CDN value: https://cdn.sso.mozilla.com - name: SSO-DASHBOARD_S3_BUCKET @@ -72,7 +72,7 @@ spec: - name: AWS_DEFAULT_REGION value: us-west-2 - name: ENVIRONMENT - value: Staging + value: Prod - name: MOZILLIANS_API_URL value: https://mozillians.org/api/v2/users/ - name: DASHBOARD_GUNICORN_WORKERS @@ -86,7 +86,7 @@ spec: - name: FLASK_APP value: dashboard/app.py - name: OIDC_REDIRECT_URI - value: https://sso.allizom.org/redirect_uri + value: https://sso.mozilla.com/redirect_uri - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: @@ -96,12 +96,12 @@ spec: valueFrom: secretKeyRef: key: latest - name: sso-dashboard-dev-secret-key + name: sso-dashboard-prod-secret-key - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET valueFrom: secretKeyRef: key: latest - name: sso-dashboard-dev-oidc-client-secret + name: sso-dashboard-prod-oidc-client-secret - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: From fe7ba7b313caa60368474f384128b3d5b46e2341 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 9 Jun 2023 15:42:04 -0400 Subject: [PATCH 083/141] Fix deploy profile names --- clouddeploy/sso-dashboard-dev.template.yaml | 2 +- clouddeploy/sso-dashboard-prod.template.yaml | 2 +- clouddeploy/sso-dashboard-staging.template.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml index d82e426b..e15f4ded 100644 --- a/clouddeploy/sso-dashboard-dev.template.yaml +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -15,7 +15,7 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: 'sso-dashboard-staging' + name: 'sso-dashboard-dev' spec: template: metadata: diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index 70639690..11c5d8db 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -20,7 +20,7 @@ spec: template: metadata: annotations: - autoscaling.knative.dev/maxScale: '1' + autoscaling.knative.dev/maxScale: '2' spec: containers: - name: 'sso-dashboard' diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index fa1d5400..13119b79 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -15,12 +15,12 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: - name: 'sso-dashboard-prod' + name: 'sso-dashboard-staging' spec: template: metadata: annotations: - autoscaling.knative.dev/maxScale: '1' + autoscaling.knative.dev/maxScale: '2' spec: containers: - name: 'sso-dashboard' From a867464444eb40862e717fb7ae5a153467df3fa3 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 9 Jun 2023 16:56:22 -0400 Subject: [PATCH 084/141] Change slack channel ID --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 05e2b770..dcbf53ec 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,7 +11,7 @@ env: GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 - CHANNEL_IDS: G01AC4VU4UV + CHANNEL_IDS: C05AMLCL4JX jobs: deploy: From ff0b3d8f8bda51cbd00fafcdd29449f2b4fce4b1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 9 Jun 2023 19:03:11 -0400 Subject: [PATCH 085/141] Remove unused Person API --- dashboard/__init__.py | 2 +- dashboard/app.py | 16 ----------- dashboard/models/user.py | 22 +++------------ dashboard/person.py | 58 ---------------------------------------- 4 files changed, 4 insertions(+), 94 deletions(-) delete mode 100644 dashboard/person.py diff --git a/dashboard/__init__.py b/dashboard/__init__.py index f4cb7a71..9322944a 100644 --- a/dashboard/__init__.py +++ b/dashboard/__init__.py @@ -13,7 +13,7 @@ __version__ = "0.0.1" -__all__ = ["app", "auth", "config", "models", "person", "s3", "utils", "vanity"] +__all__ = ["app", "auth", "config", "models", "s3", "utils", "vanity"] diff --git a/dashboard/app.py b/dashboard/app.py index 698df1c3..c8c7cf1a 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -20,7 +20,6 @@ from dashboard import oidc_auth from dashboard import config from dashboard import get_config -from dashboard import person from dashboard import vanity from dashboard.api import idp @@ -67,7 +66,6 @@ oidc_config = config.OIDCConfig() authentication = oidc_auth.OpenIDConnect(oidc_config) oidc = authentication.get_oidc(app) -person_api = person.API() vanity_router = vanity.Router(app, app_list).setup() @@ -165,19 +163,6 @@ def dashboard(): ) ) - if "Mozilla-LDAP" in session.get("userinfo")["sub"]: - logger.info("Mozilla IAM user detected. Attempt enriching with ID-Vault data.") - try: - session["idvault_userinfo"] = person_api.get_userinfo( - session.get("id_token")["sub"] - ) - except Exception as e: - logger.error( - "Could not enrich profile due to: {}. Perhaps it doesn't exist?".format( - e - ) - ) - # Hotfix to set user id for firefox alert # XXXTBD Refactor rules later to support full id_conformant session session["userinfo"]["user_id"] = session.get("id_token")["sub"] @@ -272,7 +257,6 @@ def info(): return jsonify( id_token=session.get("id_token"), userinfo=session.get("userinfo"), - person_api_v1=session.get("idvault_userinfo"), ) diff --git a/dashboard/models/user.py b/dashboard/models/user.py index cc1abb88..64a1c799 100644 --- a/dashboard/models/user.py +++ b/dashboard/models/user.py @@ -15,7 +15,6 @@ def __init__(self, session, app_config): self.id_token = session.get("id_token", None) self.app_config = app_config self.userinfo = session.get("userinfo") - self.idvault_info = session.get("idvault_userinfo") def email(self): try: @@ -44,12 +43,7 @@ def apps(self, app_list): @property def avatar(self): - if self.idvault_info: - picture_url = self.idvault_info.get("picture") - else: - picture_url = None - - return picture_url + return None def group_membership(self): """Return list of group membership if user is asserted from ldap.""" @@ -77,22 +71,12 @@ def group_membership(self): @property def first_name(self): """Return user first_name.""" - try: - return self.idvault_info.get("firstName", "") - except KeyError: - return "" - except AttributeError: - return "" + return "" @property def last_name(self): """Return user last_name.""" - try: - return self.idvault_info.get("lastName", "") - except KeyError: - return "" - except AttributeError: - return "" + return "" def user_identifiers(self): """Construct a list of potential user identifiers to match on.""" diff --git a/dashboard/person.py b/dashboard/person.py deleted file mode 100644 index cb1bc470..00000000 --- a/dashboard/person.py +++ /dev/null @@ -1,58 +0,0 @@ -import http.client -import json -# Commenting out in since CISv1 is no longer up and running -# todo: this will need to get modified to reach out to person api v2 -# import urllib - -from dashboard import config - - -class API(object): - """Retrieve data from person api as needed. Will eventually replace Mozillians API""" - - def __init__(self): - """ - :param session: the flask session to update with userinfo - """ - self.config = config.OIDCConfig() - self.person_api_url = self._get_url() - - def get_bearer(self): - conn = http.client.HTTPSConnection(self.config.OIDC_DOMAIN) - payload = json.dumps( - { - "client_id": self.config.OIDC_CLIENT_ID, - "client_secret": self.config.OIDC_CLIENT_SECRET, - "audience": "https://{}".format(self._get_url()), - "grant_type": "client_credentials", - } - ) - - headers = {"content-type": "application/json"} - - conn.request("POST", "/oauth/token", payload, headers) - res = conn.getresponse() - data = res.read() - return json.loads(data.decode("utf-8")) - - def get_userinfo(self, auth_zero_id): - return - # # Commenting out in since CISv1 is no longer up and running - # # todo: this will need to get modified to reach out to person api v2 - # user_id = urllib.parse.quote(auth_zero_id) - # conn = http.client.HTTPSConnection("{}".format(self.person_api_url)) - # token = "Bearer {}".format(self.get_bearer().get("access_token")) - - # headers = {"authorization": token} - - # conn.request("GET", "/v1/profile/{}".format(user_id), headers=headers) - - # res = conn.getresponse() - # data = res.read() - # return json.loads(json.loads(data.decode("utf-8")).get("body")) - - def _get_url(self): - if self.config.OIDC_DOMAIN == "auth.mozilla.auth0.com": - return "person-api.sso.mozilla.com" - else: - return "person-api.sso.allizom.org" From 5bedde34d36bcce5ffcb06bf2216b3ac548da64b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Fri, 9 Jun 2023 19:17:25 -0400 Subject: [PATCH 086/141] Include email in OIDC scopes --- dashboard/oidc_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/oidc_auth.py b/dashboard/oidc_auth.py index 37b97d4d..70234552 100644 --- a/dashboard/oidc_auth.py +++ b/dashboard/oidc_auth.py @@ -24,7 +24,7 @@ def client_info(self): return client_info def provider_info(self): - auth_request_params = {"scope": ["openid", "profile"]} + auth_request_params = {"scope": ["openid", "profile", "email"]} provider_config = ProviderConfiguration( issuer="https://{DOMAIN}".format(DOMAIN=self.oidc_config.OIDC_DOMAIN), client_metadata=self.client_info(), From 92a86084a568c634e6374375a78ee57ac7f7ff16 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 08:11:28 -0400 Subject: [PATCH 087/141] Remove AWS code build config --- buildspec-k8s.yml | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 buildspec-k8s.yml diff --git a/buildspec-k8s.yml b/buildspec-k8s.yml deleted file mode 100644 index b8973942..00000000 --- a/buildspec-k8s.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: 0.2 - -phases: - install: - runtime-versions: - docker: 18 - python: 3.7 - commands: - - make setup-codebuild - pre_build: - commands: - - export COMMIT_SHA=${CODEBUILD_RESOLVED_SOURCE_VERSION} # Commit SHA that triggered this build - - export DEPLOY_ENV=$(echo ${CODEBUILD_WEBHOOK_TRIGGER} | sed -e 's/branch\/master/dev/' | sed -e 's/branch\/production/prod/') - - if [ -z "${DEPLOY_ENV}" ]; then export DEPLOY_ENV="dev"; fi - - echo "Running for ${COMMIT_SHA} in ${DEPLOY_ENV}" - - make login CLUSTER_NAME=${CLUSTER_NAME} - build: - commands: - - make build COMMIT_SHA=${CODEBUILD_RESOLVED_SOURCE_VERSION} - - make push DOCKER_DEST=${DOCKER_REPO}:${CODEBUILD_RESOLVED_SOURCE_VERSION} - post_build: - commands: - - make release STAGE=${DEPLOY_ENV} From 62a654c9792bece547d227330c17a27117e389f7 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 09:07:14 -0400 Subject: [PATCH 088/141] Add release version to docker image --- .github/workflows/main.yml | 2 +- Dockerfile | 2 ++ dashboard/app.py | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dcbf53ec..ccf00c78 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -52,7 +52,7 @@ jobs: - name: 'Build and push container' run: |- - docker build \ + docker build --build-arg $RELEASE_NAME \ -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" diff --git a/Dockerfile b/Dockerfile index e7c5c1a8..5d527e44 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM python:3.7-bullseye +ARG RELEASE_NAME +RUN echo "{\"version\":\"$RELEASE_NAME\"}" > /version.json RUN apt update && apt install -y nodejs npm \ && rm -rf /var/lib/apt/lists/* RUN npm install -g sass diff --git a/dashboard/app.py b/dashboard/app.py index c8c7cf1a..a19a22e3 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -87,6 +87,11 @@ def home(): def csp_report(): return "200" +@app.route("/version", methods=["GET"]) +def get_version(): + with open("/version.json", "r") as version: + v = version.read() + return v # XXX This needs to load the schema from a better location # See also https://github.com/mozilla/iam-project-backlog/issues/161 From 69ab6a6405e17bc5973266774096cd8aa022f6c7 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 09:17:04 -0400 Subject: [PATCH 089/141] Fix env var --- .github/workflows/main.yml | 2 +- Dockerfile | 2 +- dashboard/app.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ccf00c78..ff1f19f2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -52,7 +52,7 @@ jobs: - name: 'Build and push container' run: |- - docker build --build-arg $RELEASE_NAME \ + docker build --build-arg "${{ env.RELEASE_NAME }}" \ -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" diff --git a/Dockerfile b/Dockerfile index 5d527e44..5227100c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM python:3.7-bullseye ARG RELEASE_NAME -RUN echo "{\"version\":\"$RELEASE_NAME\"}" > /version.json +RUN echo $RELEASE_NAME > /version.json RUN apt update && apt install -y nodejs npm \ && rm -rf /var/lib/apt/lists/* RUN npm install -g sass diff --git a/dashboard/app.py b/dashboard/app.py index a19a22e3..eed1a462 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -91,7 +91,7 @@ def csp_report(): def get_version(): with open("/version.json", "r") as version: v = version.read() - return v + return jsonify(build_version=v) # XXX This needs to load the schema from a better location # See also https://github.com/mozilla/iam-project-backlog/issues/161 From d5822a2a3cef951dfbcbec40ab40ca9df09c5674 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 09:23:44 -0400 Subject: [PATCH 090/141] Fixed docker build arg --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ff1f19f2..a8b7bc72 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -52,7 +52,7 @@ jobs: - name: 'Build and push container' run: |- - docker build --build-arg "${{ env.RELEASE_NAME }}" \ + docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} \ -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" From 1f492380a85676bba3df3c2a57b3986a87011962 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 14:05:35 -0400 Subject: [PATCH 091/141] chomp newline on build version --- dashboard/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/app.py b/dashboard/app.py index eed1a462..889b08f9 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -90,7 +90,7 @@ def csp_report(): @app.route("/version", methods=["GET"]) def get_version(): with open("/version.json", "r") as version: - v = version.read() + v = version.read().replace("\n","") return jsonify(build_version=v) # XXX This needs to load the schema from a better location From 6d02e95b48ab891251ee9aeed54a23084f06c63f Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 21:29:06 -0400 Subject: [PATCH 092/141] Major rewrite of gha --- .github/workflows/main.yml | 139 ++++++++++++++++---- .github/workflows/payload-slack-status.json | 15 --- 2 files changed, 114 insertions(+), 40 deletions(-) delete mode 100644 .github/workflows/payload-slack-status.json diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a8b7bc72..cb89e9b0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,22 +6,89 @@ on: branches: - 'revamp' +defaults: + runs-on: ubuntu-latest + +permissions: + contents: 'read' + id-token: 'write' + env: APP: sso-dashboard GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 CHANNEL_IDS: C05AMLCL4JX + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} jobs: - deploy: - permissions: - contents: 'read' - id-token: 'write' + init: + name: Init + outputs: + release_name: ${{ steps.release_name.outputs.release_name }} + slack_ts: ${{ steps.slack_ts.outputs.ts }} + steps: + - name: 'Create release name' + id: release_name + run: |- + echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT" + + - name: Send initial slack notification + uses: slackapi/slack-github-action@v1.24.0 + id: slack + with: + channel-id: ${{ env.CHANNEL_IDS }} + payload-file-path: ".github/workflows/payload-slack-content.json" + env: + STATUS_COLOR: dbab09 + STATUS_TITLE: Starting Deployment Pipeline + STATUS_VALUE: ':link-run: *Running*' + + - name: Output slack ts + id: slack_ts + run: echo ${{ steps.slack.outputs.ts }} >> "$GITHUB_OUTPUT" + + lint: + name: Linting + needs: init + env: + RELEASE_NAME: ${{needs.init.outputs.release_name}} + steps: + - name: Update slack notification + uses: slackapi/slack-github-action@v1.24.0 + with: + update-ts: ${{ needs.init.outputs.slack_ts }} + channel-id: ${{ env.CHANNEL_IDS }} + payload-file-path: ".github/workflows/payload-slack-content.json" + env: + STATUS_COLOR: dbab09 + STATUS_TITLE: Linting + STATUS_VALUE: ':link-run: *Running*' + + - name: 'Checkout' + uses: 'actions/checkout@v3' + + - name: + run: echo Linting + + build: + name: Building + needs: [ init, lint ] env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} - runs-on: ubuntu-latest + RELEASE_NAME: ${{needs.init.outputs.release_name}} + DOCKER_TAG: "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" steps: + - name: Update slack notification + uses: slackapi/slack-github-action@v1.24.0 + with: + update-ts: ${{ needs.init.outputs.slack_ts }} + channel-id: ${{ env.CHANNEL_IDS }} + payload-file-path: ".github/workflows/payload-slack-content.json" + env: + STATUS_COLOR: dbab09 + STATUS_TITLE: Building Docker Image + STATUS_VALUE: ':link-run: *Running*' + - name: 'Checkout' uses: 'actions/checkout@v3' @@ -35,32 +102,41 @@ jobs: - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev - - name: 'Create release name' + - name: 'Build and push container' run: |- - echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> ${GITHUB_ENV} + docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . + docker push "${{ env.DOCKER_TAG }}" - - name: Send initial slack notification + testing: + name: Testing + needs: [ init, lint, build ] + env: + RELEASE_NAME: ${{needs.init.outputs.release_name}} + steps: + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 - id: slack with: + update-ts: ${{ needs.init.outputs.slack_ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Building Docker Image + STATUS_TITLE: Testing STATUS_VALUE: ':link-run: *Running*' - - name: 'Build and push container' - run: |- - docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} \ - -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" . - docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" + - name: Testing + run: echo Testing - - name: Update slack build in progress - if: success() + deploy: + name: Sending to Cloud Deploy + needs: [ init, lint, build, testing ] + env: + RELEASE_NAME: ${{needs.init.outputs.release_name}} + steps: + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: - update-ts: ${{ steps.slack.outputs.ts }} + update-ts: ${{ needs.init.outputs.slack_ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: @@ -68,6 +144,13 @@ jobs: STATUS_TITLE: Sending to Cloud Deploy STATUS_VALUE: ':link-run: *Running*' + - name: 'Google auth' + id: 'auth' + uses: 'google-github-actions/auth@v1' + with: + workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done @@ -81,11 +164,18 @@ jobs: skaffold_file: 'clouddeploy/skaffold.yaml' images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' + final: + name: Send final Slack notification + needs: [ init, lint, build, testing, deploy ] + if: always() + env: + RELEASE_NAME: ${{needs.init.outputs.release_name}} + steps: - name: Update slack deployment complete - if: success() + if: needs.deploy.result == success uses: slackapi/slack-github-action@v1.24.0 with: - update-ts: ${{ steps.slack.outputs.ts }} + update-ts: ${{ needs.init.outputs.slack_ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: @@ -94,21 +184,20 @@ jobs: STATUS_VALUE: ':link-zelda: *Completed*' - name: Update slack deployment ready for promotion - if: success() + if: needs.deploy.result == success uses: slackapi/slack-github-action@v1.24.0 with: channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-deploy.json" - name: Update slack deployment failed - if: failure() + if: needs.lint.result == failure || needs.build.result == failure || needs.testing.result == failure || needs.deploy.result == failure uses: slackapi/slack-github-action@v1.24.0 with: - update-ts: ${{ steps.slack.outputs.ts }} + update-ts: ${{ needs.init.outputs.slack_ts }} channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: d81313 STATUS_TITLE: Building and Deploy STATUS_VALUE: ':skull_and_crossbones: *Failed*' - diff --git a/.github/workflows/payload-slack-status.json b/.github/workflows/payload-slack-status.json deleted file mode 100644 index a0e1ffc9..00000000 --- a/.github/workflows/payload-slack-status.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "text": "{{ env.STATUS_TITLE }}: ({{ env.RELEASE_NAME }}) {{ env.STATUS_VALUE }}", - "attachments": [ - { - "color": "{{ env.STATUS_COLOR }}", - "fields": [ - { - "title": "{{ env.STATUS_TITLE }}", - "short": true, - "value": "[{{ env.RELEASE_NAME }}]\nStatus: {{ env.STATUS_VALUE }}" - } - ] - } - ] -} From 237116d49e00c92cceae7ce740e29e5d146aa682 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 21:40:52 -0400 Subject: [PATCH 093/141] Fix run-as in GHA --- .github/workflows/main.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cb89e9b0..c93c3bff 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,9 +6,6 @@ on: branches: - 'revamp' -defaults: - runs-on: ubuntu-latest - permissions: contents: 'read' id-token: 'write' @@ -24,6 +21,7 @@ env: jobs: init: name: Init + runs-on: ubuntu-latest outputs: release_name: ${{ steps.release_name.outputs.release_name }} slack_ts: ${{ steps.slack_ts.outputs.ts }} @@ -51,6 +49,7 @@ jobs: lint: name: Linting needs: init + runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: @@ -74,6 +73,7 @@ jobs: build: name: Building needs: [ init, lint ] + runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} DOCKER_TAG: "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" @@ -110,6 +110,7 @@ jobs: testing: name: Testing needs: [ init, lint, build ] + runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: @@ -130,6 +131,7 @@ jobs: deploy: name: Sending to Cloud Deploy needs: [ init, lint, build, testing ] + runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: @@ -167,6 +169,7 @@ jobs: final: name: Send final Slack notification needs: [ init, lint, build, testing, deploy ] + runs-on: ubuntu-latest if: always() env: RELEASE_NAME: ${{needs.init.outputs.release_name}} From 785af0745c4d20c0a0d76b985b3302cc10518a77 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 21:50:25 -0400 Subject: [PATCH 094/141] Fix GHA --- .github/workflows/main.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c93c3bff..33140d06 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,12 +24,16 @@ jobs: runs-on: ubuntu-latest outputs: release_name: ${{ steps.release_name.outputs.release_name }} - slack_ts: ${{ steps.slack_ts.outputs.ts }} + docker_tag: ${{ steps.docker_tag.outputs.docker_tag }} + slack_ts: ${{ steps.slack_ts.outputs.slack_ts }} steps: - name: 'Create release name' id: release_name - run: |- - echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT" + run: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT" + + - name: 'Create docker tag' + id: docker_tag + run: echo "DOCKER_TAG=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" >> "$GITHUB_OUTPUT" - name: Send initial slack notification uses: slackapi/slack-github-action@v1.24.0 @@ -44,7 +48,7 @@ jobs: - name: Output slack ts id: slack_ts - run: echo ${{ steps.slack.outputs.ts }} >> "$GITHUB_OUTPUT" + run: echo "SLACK_TS=${{ steps.slack.outputs.ts }}" >> "$GITHUB_OUTPUT" lint: name: Linting @@ -76,7 +80,7 @@ jobs: runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} - DOCKER_TAG: "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" + DOCKER_TAG: ${{needs.init.outputs.docker_tag}} steps: - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 From bbf550bebfa93849fef2d22a8131a716447f251d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 21:54:20 -0400 Subject: [PATCH 095/141] Fix GHA --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 33140d06..e60ae5ab 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -179,7 +179,7 @@ jobs: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: - name: Update slack deployment complete - if: needs.deploy.result == success + if: needs.deploy.result == 'success' uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ needs.init.outputs.slack_ts }} @@ -191,14 +191,14 @@ jobs: STATUS_VALUE: ':link-zelda: *Completed*' - name: Update slack deployment ready for promotion - if: needs.deploy.result == success + if: needs.deploy.result == 'success' uses: slackapi/slack-github-action@v1.24.0 with: channel-id: ${{ env.CHANNEL_IDS }} payload-file-path: ".github/workflows/payload-slack-deploy.json" - name: Update slack deployment failed - if: needs.lint.result == failure || needs.build.result == failure || needs.testing.result == failure || needs.deploy.result == failure + if: needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.testing.result == 'failure' || needs.deploy.result == 'failure' uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ needs.init.outputs.slack_ts }} From b77e1fed298eaaa49dc41436c8a7b0ef0a131c5d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 21:57:48 -0400 Subject: [PATCH 096/141] Fix GHA --- .github/workflows/main.yml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e60ae5ab..73acd3c9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -27,6 +27,9 @@ jobs: docker_tag: ${{ steps.docker_tag.outputs.docker_tag }} slack_ts: ${{ steps.slack_ts.outputs.slack_ts }} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: 'Create release name' id: release_name run: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT" @@ -57,6 +60,9 @@ jobs: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: @@ -68,9 +74,6 @@ jobs: STATUS_TITLE: Linting STATUS_VALUE: ':link-run: *Running*' - - name: 'Checkout' - uses: 'actions/checkout@v3' - - name: run: echo Linting @@ -82,6 +85,9 @@ jobs: RELEASE_NAME: ${{needs.init.outputs.release_name}} DOCKER_TAG: ${{needs.init.outputs.docker_tag}} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: @@ -93,9 +99,6 @@ jobs: STATUS_TITLE: Building Docker Image STATUS_VALUE: ':link-run: *Running*' - - name: 'Checkout' - uses: 'actions/checkout@v3' - - name: 'Google auth' id: 'auth' uses: 'google-github-actions/auth@v1' @@ -118,6 +121,9 @@ jobs: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: @@ -139,6 +145,9 @@ jobs: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: @@ -178,6 +187,9 @@ jobs: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} steps: + - name: 'Checkout' + uses: 'actions/checkout@v3' + - name: Update slack deployment complete if: needs.deploy.result == 'success' uses: slackapi/slack-github-action@v1.24.0 From 9083ffef4b0cc704c6161970ee64baee59c10b29 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 22:04:05 -0400 Subject: [PATCH 097/141] Test failure in GHA --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 73acd3c9..e7251528 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -75,7 +75,7 @@ jobs: STATUS_VALUE: ':link-run: *Running*' - name: - run: echo Linting + run: exit 1 build: name: Building From 067836b67f957e6c88769e7e9b628b4a7d870873 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 22:53:05 -0400 Subject: [PATCH 098/141] Testing gha --- .github/workflows/main.yml | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e7251528..3b2089c3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -75,7 +75,7 @@ jobs: STATUS_VALUE: ':link-run: *Running*' - name: - run: exit 1 + run: echo Linting build: name: Building @@ -118,8 +118,11 @@ jobs: name: Testing needs: [ init, lint, build ] runs-on: ubuntu-latest + container: + image: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} + DOCKER_TAG: ${{needs.init.outputs.docker_tag}} steps: - name: 'Checkout' uses: 'actions/checkout@v3' @@ -135,8 +138,24 @@ jobs: STATUS_TITLE: Testing STATUS_VALUE: ':link-run: *Running*' - - name: Testing - run: echo Testing + - name: 'Google auth' + id: 'auth' + uses: 'google-github-actions/auth@v1' + with: + workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + + - name: 'Docker auth' + run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + + - name: Pull docker image + run: docker pull "${{ env.DOCKER_TAG }}" + + - name: + - uses: addnab/docker-run-action@v3 + with: + image: "${{ env.DOCKER_TAG }}" + run: echo "hello world" deploy: name: Sending to Cloud Deploy @@ -144,6 +163,7 @@ jobs: runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} + DOCKER_TAG: ${{needs.init.outputs.docker_tag}} steps: - name: 'Checkout' uses: 'actions/checkout@v3' @@ -177,10 +197,10 @@ jobs: region: '${{ env.REGION }}' description: '${{ env.GITHUB_COMMIT_MSG }}' skaffold_file: 'clouddeploy/skaffold.yaml' - images: 'app=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}' + images: 'app=${{ env.DOCKER_TAG }}' final: - name: Send final Slack notification + name: Finalize Notifications needs: [ init, lint, build, testing, deploy ] runs-on: ubuntu-latest if: always() From 1ae485b38ea6834b3579cfbd2b40259d05fd18c4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 22:54:28 -0400 Subject: [PATCH 099/141] Fix syntax --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3b2089c3..a33e2116 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -151,8 +151,8 @@ jobs: - name: Pull docker image run: docker pull "${{ env.DOCKER_TAG }}" - - name: - - uses: addnab/docker-run-action@v3 + - name: Run tests + uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" run: echo "hello world" From 7fabf2d657c5cebd9a1b98830ba7693555e80b85 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 22:55:19 -0400 Subject: [PATCH 100/141] Fix syntax --- .github/workflows/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a33e2116..cf5073e6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -118,8 +118,6 @@ jobs: name: Testing needs: [ init, lint, build ] runs-on: ubuntu-latest - container: - image: env: RELEASE_NAME: ${{needs.init.outputs.release_name}} DOCKER_TAG: ${{needs.init.outputs.docker_tag}} From eb24bf69cde32db91039c70a6c179f89af664a46 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:12:32 -0400 Subject: [PATCH 101/141] add docker build caching --- .github/workflows/main.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cf5073e6..20154ebb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -109,10 +109,21 @@ jobs: - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev - - name: 'Build and push container' - run: |- - docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . - docker push "${{ env.DOCKER_TAG }}" +# - name: 'Build and push container' +# run: |- +# docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . +# docker push "${{ env.DOCKER_TAG }}" + + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: . + build-args: RELEASE_NAME=${{ env.RELEASE_NAME }} + push: true + tags: "${{ env.DOCKER_TAG }}" + cache-from: type=gha + cache-to: type=gha,mode=max + testing: name: Testing From e35690b3b6e1ffb9f1b45ce8f724bdf1bc6d0d00 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:15:47 -0400 Subject: [PATCH 102/141] fix docker setup action --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 20154ebb..89619dbc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -114,6 +114,9 @@ jobs: # docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . # docker push "${{ env.DOCKER_TAG }}" + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build and push uses: docker/build-push-action@v4 with: From 38b7fe0825e4ebb11e21376328f7de1f39206e4d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:16:46 -0400 Subject: [PATCH 103/141] Fix typo --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 89619dbc..632bc814 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -114,7 +114,7 @@ jobs: # docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . # docker push "${{ env.DOCKER_TAG }}" - name: Set up Docker Buildx + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Build and push From b58b47f39e4f08de63009dda2f451259f7db48d7 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:28:33 -0400 Subject: [PATCH 104/141] Test gha artifact storage --- .github/workflows/main.yml | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 632bc814..542161b7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -109,11 +109,6 @@ jobs: - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev -# - name: 'Build and push container' -# run: |- -# docker build --build-arg RELEASE_NAME=${{ env.RELEASE_NAME }} -t "${{ env.DOCKER_TAG }}" . -# docker push "${{ env.DOCKER_TAG }}" - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -122,11 +117,16 @@ jobs: with: context: . build-args: RELEASE_NAME=${{ env.RELEASE_NAME }} - push: true tags: "${{ env.DOCKER_TAG }}" cache-from: type=gha cache-to: type=gha,mode=max + outputs: type=docker,dest=/tmp/image.tar + - name: Upload docker image as artifact + uses: actions/upload-artifact@v3 + with: + name: "${{ env.DOCKER_TAG }}" + path: /tmp/image.tar testing: name: Testing @@ -150,18 +150,19 @@ jobs: STATUS_TITLE: Testing STATUS_VALUE: ':link-run: *Running*' - - name: 'Google auth' - id: 'auth' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' - service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - - name: 'Docker auth' - run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + - name: Download artifact + uses: actions/download-artifact@v3 + with: + name: "${{ env.DOCKER_TAG }}" + path: /tmp - - name: Pull docker image - run: docker pull "${{ env.DOCKER_TAG }}" + - name: Load image + run: | + docker load --input /tmp/image.tar + docker image ls -a - name: Run tests uses: addnab/docker-run-action@v3 From d53cdeb6481e7149c3aad5e06aa994c0e00315c9 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:34:41 -0400 Subject: [PATCH 105/141] Fix artifact name --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 542161b7..d050f044 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -125,7 +125,7 @@ jobs: - name: Upload docker image as artifact uses: actions/upload-artifact@v3 with: - name: "${{ env.DOCKER_TAG }}" + name: "${{ env.RELEASE_NAME }}" path: /tmp/image.tar testing: @@ -156,7 +156,7 @@ jobs: - name: Download artifact uses: actions/download-artifact@v3 with: - name: "${{ env.DOCKER_TAG }}" + name: "${{ env.RELEASE_NAME }}" path: /tmp - name: Load image From 3da284d4db3826ff54cbeccafdcc298f78166873 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sat, 10 Jun 2023 23:52:35 -0400 Subject: [PATCH 106/141] Remove artifact --- .github/workflows/main.yml | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d050f044..1f074d63 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -112,22 +112,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build and push + - name: Build docker image with buildx uses: docker/build-push-action@v4 with: context: . + push: true build-args: RELEASE_NAME=${{ env.RELEASE_NAME }} tags: "${{ env.DOCKER_TAG }}" cache-from: type=gha cache-to: type=gha,mode=max outputs: type=docker,dest=/tmp/image.tar - - name: Upload docker image as artifact - uses: actions/upload-artifact@v3 - with: - name: "${{ env.RELEASE_NAME }}" - path: /tmp/image.tar - testing: name: Testing needs: [ init, lint, build ] @@ -150,19 +145,15 @@ jobs: STATUS_TITLE: Testing STATUS_VALUE: ':link-run: *Running*' - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Download artifact - uses: actions/download-artifact@v3 + - name: 'Google auth' + id: 'auth' + uses: 'google-github-actions/auth@v1' with: - name: "${{ env.RELEASE_NAME }}" - path: /tmp + workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' - - name: Load image - run: | - docker load --input /tmp/image.tar - docker image ls -a + - name: 'Docker auth' + run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev - name: Run tests uses: addnab/docker-run-action@v3 From 88a9ed66031d139290a15ccd0558d0690852ec0b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 00:08:28 -0400 Subject: [PATCH 107/141] Add actual tests to gha --- .github/workflows/main.yml | 3 +-- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1f074d63..92c7152e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -121,7 +121,6 @@ jobs: tags: "${{ env.DOCKER_TAG }}" cache-from: type=gha cache-to: type=gha,mode=max - outputs: type=docker,dest=/tmp/image.tar testing: name: Testing @@ -159,7 +158,7 @@ jobs: uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" - run: echo "hello world" + run: "cd /dashboard && pip install -r requirements-dev.txt && python3 setup.py test && python3 setup.py pytest" deploy: name: Sending to Cloud Deploy diff --git a/Dockerfile b/Dockerfile index 5227100c..7da4c8f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ FROM python:3.7-bullseye ARG RELEASE_NAME -RUN echo $RELEASE_NAME > /version.json RUN apt update && apt install -y nodejs npm \ && rm -rf /var/lib/apt/lists/* RUN npm install -g sass @@ -16,5 +15,6 @@ RUN rm /dashboard/static/css/gen/all.css \ /dashboard/static/js/gen/packed.js \ /dashboard/data/apps.yml-etag 2& > /dev/null RUN mkdir -p /dashboard/static/img/logos +RUN echo $RELEASE_NAME > /version.json ENTRYPOINT ["/start.sh"] From 24362b275e4b3fdbf80543e3c4b3dc676e11c8ee Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 00:14:17 -0400 Subject: [PATCH 108/141] Pull docker image --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 92c7152e..c1719e97 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -154,6 +154,9 @@ jobs: - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev + - name: Pull Docker image + run: docker pull "${{ env.DOCKER_TAG }}" + - name: Run tests uses: addnab/docker-run-action@v3 with: From 3b089ed76e3a8cf208ed56fabb23939072682ad4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 00:21:42 -0400 Subject: [PATCH 109/141] Include dev requirements in Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 7da4c8f9..0686d645 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,7 @@ COPY ./files/start.sh /start.sh RUN chmod 755 /start.sh RUN pip3 install --upgrade pip COPY ./requirements.txt /dashboard/ +COPY ./requirements-dev.txt /dashboard/ RUN pip3 install -r /dashboard/requirements.txt COPY ./dashboard/ /dashboard/ RUN chmod 750 -R /dashboard From eda9cf48a2e57f00be4c164a62dd85d9d3b1ce48 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:10:02 -0400 Subject: [PATCH 110/141] Apply black linter --- dashboard/__init__.py | 1 - dashboard/api/idp.py | 17 ++++--------- dashboard/app.py | 45 ++++++++++++++-------------------- dashboard/config.py | 32 ++++++------------------ dashboard/models/alert.py | 51 ++++++++++----------------------------- dashboard/models/tile.py | 4 +-- dashboard/models/user.py | 46 +++++++++-------------------------- dashboard/oidc_auth.py | 8 +++--- dashboard/vanity.py | 7 ++---- 9 files changed, 62 insertions(+), 149 deletions(-) diff --git a/dashboard/__init__.py b/dashboard/__init__.py index 9322944a..59977584 100644 --- a/dashboard/__init__.py +++ b/dashboard/__init__.py @@ -16,7 +16,6 @@ __all__ = ["app", "auth", "config", "models", "s3", "utils", "vanity"] - def get_config(): return ConfigManager( [ diff --git a/dashboard/api/idp.py b/dashboard/api/idp.py index bb586c44..c45588b3 100644 --- a/dashboard/api/idp.py +++ b/dashboard/api/idp.py @@ -21,14 +21,11 @@ def _get_audience(self, app_config): if app_config["SERVER_NAME"] == "localhost:5000": return "https://sso.allizom.org" else: - return "https://" + self.app.config.get( - "SERVER_NAME", "sso.mozilla.com" - ) # sso.mozilla.com + return "https://" + self.app.config.get("SERVER_NAME", "sso.mozilla.com") # sso.mozilla.com # Format error response and append status code def get_token_auth_header(self): - """Obtains the Access Token from the Authorization Header - """ + """Obtains the Access Token from the Authorization Header""" auth = request.headers.get("Authorization", None) if not auth: raise AuthError( @@ -50,9 +47,7 @@ def get_token_auth_header(self): 401, ) elif len(parts) == 1: - raise AuthError( - {"code": "invalid_header", "description": "Token not found"}, 401 - ) + raise AuthError({"code": "invalid_header", "description": "Token not found"}, 401) elif len(parts) > 2: raise AuthError( { @@ -71,8 +66,7 @@ def get_jwks(self): return jwks def requires_api_auth(self, f): - """Determines if the Access Token is valid - """ + """Determines if the Access Token is valid""" @wraps(f) def decorated(*args, **kwargs): @@ -110,8 +104,7 @@ def decorated(*args, **kwargs): raise AuthError( { "code": "invalid_claims", - "description": "incorrect claims," - "please check the audience and issuer", + "description": "incorrect claims," "please check the audience and issuer", }, 401, ) diff --git a/dashboard/app.py b/dashboard/app.py index 889b08f9..9dc8cf4c 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -71,10 +71,12 @@ api = idp.AuthorizeAPI(app, oidc_config) + @app.route("/favicon.ico") def favicon(): return send_from_directory(os.path.join(app.root_path, "static/img"), "favicon.ico") + @app.route("/") def home(): if app.env == "development": @@ -83,25 +85,26 @@ def home(): url = request.url.replace("http://", "https://", 1) return redirect(url + "dashboard", code=302) + @app.route("/csp_report", methods=["POST"]) def csp_report(): return "200" + @app.route("/version", methods=["GET"]) def get_version(): with open("/version.json", "r") as version: - v = version.read().replace("\n","") + v = version.read().replace("\n", "") return jsonify(build_version=v) + # XXX This needs to load the schema from a better location # See also https://github.com/mozilla/iam-project-backlog/issues/161 @app.route("/claim") def claim(): """Show the user schema - this path is refered to by our OIDC Claim namespace, i.e.: https://sso.mozilla.com/claim/*""" - return redirect( - "https://github.com/mozilla-iam/cis/blob/master/cis/schema.json", code=302 - ) + return redirect("https://github.com/mozilla-iam/cis/blob/master/cis/schema.json", code=302) @app.errorhandler(404) @@ -120,9 +123,7 @@ def forbidden(): else: jws = request.args.get("error").encode() - token_verifier = oidc_auth.tokenVerification( - jws=jws, public_key=app.config["FORBIDDEN_PAGE_PUBLIC_KEY"] - ) + token_verifier = oidc_auth.tokenVerification(jws=jws, public_key=app.config["FORBIDDEN_PAGE_PUBLIC_KEY"]) token_verifier.verify return render_template("forbidden.html", token_verifier=token_verifier) @@ -135,9 +136,7 @@ def logout(): Redirect to new feature in NLX that destroys autologin preferences. Aka Logout is REALLY logout. """ - logout_url = "https://{}/login?client={}&action=logout".format( - oidc_config.OIDC_DOMAIN, oidc_config.OIDC_CLIENT_ID - ) + logout_url = "https://{}/login?client={}&action=logout".format(oidc_config.OIDC_DOMAIN, oidc_config.OIDC_CLIENT_ID) return redirect(logout_url, code=302) @@ -159,14 +158,10 @@ def signout(): @app.route("/dashboard") -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") def dashboard(): """Primary dashboard the users will interact with.""" - logger.info( - "User: {} authenticated proceeding to dashboard.".format( - session.get("id_token")["sub"] - ) - ) + logger.info("User: {} authenticated proceeding to dashboard.".format(session.get("id_token")["sub"])) # Hotfix to set user id for firefox alert # XXXTBD Refactor rules later to support full id_conformant session @@ -181,9 +176,7 @@ def dashboard(): user = User(session, config.Config(app).settings) apps = user.apps(Application(app_list.apps_yml).apps) - return render_template( - "dashboard.html", config=app.config, user=user, apps=apps, alerts=None - ) + return render_template("dashboard.html", config=app.config, user=user, apps=apps, alerts=None) @app.route("/styleguide/dashboard") @@ -191,26 +184,24 @@ def styleguide_dashboard(): user = FakeUser(config.Config(app).settings) apps = user.apps(Application(app_list.apps_yml).apps) - return render_template( - "dashboard.html", config=app.config, user=user, apps=apps, alerts=None - ) + return render_template("dashboard.html", config=app.config, user=user, apps=apps, alerts=None) @app.route("/styleguide/notifications") -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") def styleguide_notifications(): user = FakeUser(config.Config(app).settings) return render_template("notifications.html", config=app.config, user=user) @app.route("/notifications") -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") def notifications(): user = User(session, config.Config(app).settings) return render_template("notifications.html", config=app.config, user=user) -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") @app.route("/alert/", methods=["POST"]) def alert_operation(alert_id): if request.method == "POST": @@ -228,7 +219,7 @@ def alert_operation(alert_id): return "500" -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") @app.route("/alert/fake", methods=["GET"]) def alert_faking(): if request.method == "GET": @@ -256,7 +247,7 @@ def alert_api(): @app.route("/info") -@oidc.oidc_auth('default') +@oidc.oidc_auth("default") def info(): """Return the JSONified user session for debugging.""" return jsonify( diff --git a/dashboard/config.py b/dashboard/config.py index 6f13c802..1dac3a95 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -22,24 +22,14 @@ class DefaultConfig(object): DEBUG = bool(CONFIG("debug", namespace="sso-dashboard", default="True")) TESTING = bool(CONFIG("testing", namespace="sso-dashboard", default="False")) CSRF_ENABLED = bool(CONFIG("csrf_enabled", default="True")) - PERMANENT_SESSION = bool( - CONFIG("permanent_session", namespace="sso-dashboard", default="True") - ) - PERMANENT_SESSION_LIFETIME = int( - CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400") - ) + PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) + PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) - SESSION_COOKIE_HTTPONLY = bool( - CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True") - ) - LOGGER_NAME = CONFIG( - "logger_name", namespace="sso-dashboard", default="sso-dashboard" - ) + SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) + LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") SECRET_KEY = CONFIG("secret_key", namespace="sso-dashboard") - SERVER_NAME = CONFIG( - "server_name", namespace="sso-dashboard", default="localhost:8000" - ) + SERVER_NAME = CONFIG("server_name", namespace="sso-dashboard", default="localhost:8000") S3_BUCKET = CONFIG("s3_bucket", namespace="sso-dashboard") @@ -49,13 +39,9 @@ class DefaultConfig(object): default="https://cdn.{SERVER_NAME}".format(SERVER_NAME=SERVER_NAME), ) - FORBIDDEN_PAGE_PUBLIC_KEY = base64.b64decode( - CONFIG("forbidden_page_public_key", namespace="sso-dashboard") - ) + FORBIDDEN_PAGE_PUBLIC_KEY = base64.b64decode(CONFIG("forbidden_page_public_key", namespace="sso-dashboard")) - PREFERRED_URL_SCHEME = CONFIG( - "preferred_url_scheme", namespace="sso-dashboard", default="https" - ) + PREFERRED_URL_SCHEME = CONFIG("preferred_url_scheme", namespace="sso-dashboard", default="https") class OIDCConfig(object): @@ -66,9 +52,7 @@ def __init__(self): CONFIG = get_config() self.OIDC_DOMAIN = CONFIG("oidc_domain", namespace="sso-dashboard") self.OIDC_CLIENT_ID = CONFIG("oidc_client_id", namespace="sso-dashboard") - self.OIDC_CLIENT_SECRET = CONFIG( - "oidc_client_secret", namespace="sso-dashboard" - ) + self.OIDC_CLIENT_SECRET = CONFIG("oidc_client_secret", namespace="sso-dashboard") self.LOGIN_URL = "https://{DOMAIN}/login?client={CLIENT_ID}".format( DOMAIN=self.OIDC_DOMAIN, CLIENT_ID=self.OIDC_CLIENT_ID ) diff --git a/dashboard/models/alert.py b/dashboard/models/alert.py index e4ea581e..675f28bc 100644 --- a/dashboard/models/alert.py +++ b/dashboard/models/alert.py @@ -36,9 +36,7 @@ def connect_ssm(self): def get_sns_arn(self): self.connect_ssm() - response = self.ssm.get_parameter( - Name="sso-dashboard-alerts-sns", WithDecryption=False - ) + response = self.ssm.get_parameter(Name="sso-dashboard-alerts-sns", WithDecryption=False) return response.get("Parameter").get("Value") @@ -109,18 +107,12 @@ def find_or_create_by(self, alert_dict, user_id): # If the alert is duplicate false do not create another instance of it. for alert in current_alerts.get("visible_alerts"): try: - if ( - alert.get("alert_code") == alert_dict.get("alert_code") and alert_dict.get("duplicate") is False - ): + if alert.get("alert_code") == alert_dict.get("alert_code") and alert_dict.get("duplicate") is False: return None else: continue except AttributeError as e: - logger.error( - "Bad data in alerts table for user: {}, exception was {}".format( - user_id, e - ) - ) + logger.error("Bad data in alerts table for user: {}, exception was {}".format(user_id, e)) # Else create another alert. return self.create(alert_dict) @@ -146,9 +138,7 @@ def destroy(self, alert_id, user_id): """ self.connect_dynamodb() - response = self.dynamodb.delete_item( - Key={"alert_id": alert_id, "user_id": user_id} - ) + response = self.dynamodb.delete_item(Key={"alert_id": alert_id, "user_id": user_id}) return response @@ -194,9 +184,7 @@ def find(self, user_id): ) alerts.extend(response["Items"]) except Exception as e: - logger.error( - "Could not load alerts for user: {} due to: {}.".format(user_id, e) - ) + logger.error("Could not load alerts for user: {} due to: {}.".format(user_id, e)) alerts = [] inactive_alerts = [] @@ -272,9 +260,7 @@ def find_by_id(self, alert_id): """ self.connect_dynamodb() - response = self.dynamodb.query( - KeyConditionExpression=Key("alert_id").eq(alert_id) - ) + response = self.dynamodb.query(KeyConditionExpression=Key("alert_id").eq(alert_id)) if response.get("Items"): return response.get("Items")[0] @@ -319,23 +305,17 @@ def alert_firefox_out_of_date(self): "url_title": "Download", "duplicate": False, } - self.alert.find_or_create_by( - alert_dict=alert_dict, user_id=self.userinfo.get("user_id") - ) + self.alert.find_or_create_by(alert_dict=alert_dict, user_id=self.userinfo.get("user_id")) else: # Clear any active alerts for firefox out of date. alerts = self.alert.find(self.userinfo.get("user_id")) for alert in alerts.get("visible_alerts"): if alert.get("alert_code") == "63f675d8896f4fb2b3caa204c8c2761e": - self.alert.destroy( - alert_id=alert.get("alert_id"), user_id=alert.get("user_id") - ) + self.alert.destroy(alert_id=alert.get("alert_id"), user_id=alert.get("user_id")) def _firefox_info(self): - release_json = requests.get( - "https://product-details.mozilla.org/1.0/firefox_versions.json" - ) + release_json = requests.get("https://product-details.mozilla.org/1.0/firefox_versions.json") if release_json.status_code == 200: return release_json.json() else: @@ -375,9 +355,8 @@ def _firefox_out_of_date(self): if u_version.get("minor_version") < f_version.get("minor_version"): return True elif ( - u_version.get( - "minor_version" - ) == f_version.get("minor_version") and u_version.get("dot_version") is not None + u_version.get("minor_version") == f_version.get("minor_version") + and u_version.get("dot_version") is not None ): if u_version.get("dot_version") < f_version.get("dot_version"): return True @@ -436,9 +415,7 @@ def _create_fake_geolocation_alert(self): "source_ip": fake_ip, }, "severity": "NOTICE", - "summary": "{} NEWCOUNTRY {}, {} access from {}".format( - fake_email, fake_state, fake_country, fake_ip - ), + "summary": "{} NEWCOUNTRY {}, {} access from {}".format(fake_email, fake_state, fake_country, fake_ip), "tags": ["geomodel"], "url": "https://www.mozilla.org/alert", "utctimestamp": "{}+00:00".format(fake.iso8601()), @@ -448,9 +425,7 @@ def _create_fake_geolocation_alert(self): "alert_code": "416c65727447656f6d6f64656c", "user_id": self.user_id, "risk": "high", - "summary": "Did you recently login from {}, {} ({})?".format( - fake_state, fake_country, fake_ip - ), + "summary": "Did you recently login from {}, {} ({})?".format(fake_state, fake_country, fake_ip), "alert_str_json": json.dumps(original_alert_dict), "description": "This alert is created based on geo ip information about the last login of a user.", "date": str(fake.date(pattern="%Y-%m-%d", end_datetime=None)), diff --git a/dashboard/models/tile.py b/dashboard/models/tile.py index c86640e9..d8626b94 100644 --- a/dashboard/models/tile.py +++ b/dashboard/models/tile.py @@ -27,9 +27,7 @@ def is_updated(self): """Compare etag of what is in bucket to what is on disk.""" self.connect_s3() try: - self.client.head_object( - Bucket=self.s3_bucket, Key="apps.yml", IfMatch=self._etag() - ) + self.client.head_object(Bucket=self.s3_bucket, Key="apps.yml", IfMatch=self._etag()) return False except Exception as e: logger.error("Etags do not match as a result of {error}".format(error=e)) diff --git a/dashboard/models/user.py b/dashboard/models/user.py index 64a1c799..cf2116fd 100644 --- a/dashboard/models/user.py +++ b/dashboard/models/user.py @@ -20,14 +20,8 @@ def email(self): try: email = self.userinfo.get("email") except Exception as e: - logger.error( - "The email attribute does no exists falling back to OIDC Conformant: {}.".format( - e - ) - ) - email = self.userinfo.get("https://sso.mozilla.com/claim/emails")[0][ - "emails" - ] + logger.error("The email attribute does no exists falling back to OIDC Conformant: {}.".format(e)) + email = self.userinfo.get("https://sso.mozilla.com/claim/emails")[0]["emails"] return email def apps(self, app_list): @@ -48,18 +42,14 @@ def avatar(self): def group_membership(self): """Return list of group membership if user is asserted from ldap.""" if self.userinfo.get("https://sso.mozilla.com/claim/groups", []) != []: - group_count = len( - self.userinfo.get("https://sso.mozilla.com/claim/groups", []) - ) + group_count = len(self.userinfo.get("https://sso.mozilla.com/claim/groups", [])) else: if self.userinfo.get("groups"): group_count = len(self.userinfo.get("groups", [])) else: group_count = 0 - if ( - "https://sso.mozilla.com/claim/groups" in self.userinfo.keys() and group_count > 0 - ): + if "https://sso.mozilla.com/claim/groups" in self.userinfo.keys() and group_count > 0: return self.userinfo["https://sso.mozilla.com/claim/groups"] if "groups" in self.userinfo.keys() and group_count > 0: @@ -94,21 +84,15 @@ def take_alert_action(self, alert_id, alert_action, helpfulness=None): alert_dict["last_update"] = int(time.time()) if alert_action == "acknowledge": - logger.info( - "An alert was acked for {uid}.".format(uid=self.userinfo["sub"]) - ) + logger.info("An alert was acked for {uid}.".format(uid=self.userinfo["sub"])) alert_dict["state"] = alert_action res = a.update(alert_id=alert_id, alert_dict=alert_dict) elif alert_action == "escalate": - logger.info( - "An alert was escalated for {uid}.".format(uid=self.userinfo["sub"]) - ) + logger.info("An alert was escalated for {uid}.".format(uid=self.userinfo["sub"])) alert_dict["state"] = alert_action res = a.update(alert_id=alert_id, alert_dict=alert_dict) elif alert_action == "indicate-helpfulness": - logger.info( - "Alert helpfulness was set for {uid}.".format(uid=self.userinfo["sub"]) - ) + logger.info("Alert helpfulness was set for {uid}.".format(uid=self.userinfo["sub"])) alert_dict["helpfulness"] = helpfulness res = a.update(alert_id=alert_id, alert_dict=alert_dict) else: @@ -126,9 +110,7 @@ def _is_authorized(self, app): return False elif "everyone" in app["application"]["authorized_groups"]: return True - elif set(app["application"]["authorized_groups"]) & set( - self.group_membership() - ): + elif set(app["application"]["authorized_groups"]) & set(self.group_membership()): return True elif set(app["application"]["authorized_users"]) & set(self.user_identifiers()): return True @@ -189,21 +171,15 @@ def alerts(self): "description": "This alert is created based on geo ip information about the last login of a user.", "duplicate": True, "risk": "medium", - "summary": "Did you recently login from {}, {}?".format( - fake.city(), fake.country() - ), + "summary": "Did you recently login from {}, {}?".format(fake.city(), fake.country()), "url": "https://mana.mozilla.org/wiki/display/SECURITY/Alert%3A+Change+in+Country", "url_title": "Get Help", "user_id": "ad|Mozilla-LDAP|fakeuser", "details": { - "Timestamp": fake.date_time_this_year().strftime( - "%A, %B %d %Y %H:%M UTC" - ), + "Timestamp": fake.date_time_this_year().strftime("%A, %B %d %Y %H:%M UTC"), "New Location": "{}, {}".format(fake.city(), fake.country()), "New IP": "{} ({})".format(fake.ipv4(), fake.company()), - "Previous Location": "{}, {}".format( - fake.city(), fake.country() - ), + "Previous Location": "{}, {}".format(fake.city(), fake.country()), }, }, { diff --git a/dashboard/oidc_auth.py b/dashboard/oidc_auth.py index 70234552..3688f728 100644 --- a/dashboard/oidc_auth.py +++ b/dashboard/oidc_auth.py @@ -19,8 +19,7 @@ def __init__(self, configuration): self.oidc_config = configuration def client_info(self): - client_info = ClientMetadata(client_id=self.oidc_config.client_id, - client_secret=self.oidc_config.client_secret) + client_info = ClientMetadata(client_id=self.oidc_config.client_id, client_secret=self.oidc_config.client_secret) return client_info def provider_info(self): @@ -28,12 +27,13 @@ def provider_info(self): provider_config = ProviderConfiguration( issuer="https://{DOMAIN}".format(DOMAIN=self.oidc_config.OIDC_DOMAIN), client_metadata=self.client_info(), - auth_request_params=auth_request_params) + auth_request_params=auth_request_params, + ) return provider_config def get_oidc(self, app): provider_info = self.provider_info() - o = OIDCAuthentication({'default': provider_info}, app) + o = OIDCAuthentication({"default": provider_info}, app) return o diff --git a/dashboard/vanity.py b/dashboard/vanity.py index 65cdc175..8d2e0b34 100644 --- a/dashboard/vanity.py +++ b/dashboard/vanity.py @@ -15,9 +15,7 @@ def setup(self): for vanity_url in url.keys(): try: self.app.add_url_rule(vanity_url, vanity_url, self.redirect_url) - self.app.add_url_rule( - vanity_url + "/", vanity_url + "/", self.redirect_url - ) + self.app.add_url_rule(vanity_url + "/", vanity_url + "/", self.redirect_url) except Exception as e: print(e) @@ -29,8 +27,7 @@ def redirect_url(self): if key == vanity_url: resp = make_response(redirect(match[vanity_url], code=301)) resp.headers["Cache-Control"] = ( - "no-store, no-cache, must-revalidate, " - "post-check=0, pre-check=0, max-age=0" + "no-store, no-cache, must-revalidate, " "post-check=0, pre-check=0, max-age=0" ) resp.headers["Expires"] = "-1" return resp From b48202d4e62331acb9cf7808821642287fed120d Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:17:50 -0400 Subject: [PATCH 111/141] Remove alert tests --- tests/test_alerts.py | 167 ------------------------------------------- 1 file changed, 167 deletions(-) delete mode 100644 tests/test_alerts.py diff --git a/tests/test_alerts.py b/tests/test_alerts.py deleted file mode 100644 index 379b4b18..00000000 --- a/tests/test_alerts.py +++ /dev/null @@ -1,167 +0,0 @@ -from boto3 import Session -from moto import mock_dynamodb2 - -from dashboard.models import alert - - -class TestAlerts(object): - def test_delegate_object_init(self): - a = alert.Alert() - assert a.alert_table_name == 'sso-dashboard-alert' - assert a is not None - - def test_create_alert_id(self): - a = alert.Alert() - id = a._create_alert_id() - assert id is id - - @mock_dynamodb2 - def test_create_alert(self): - session = Session() - # Get the service resource - dynamodb = session.resource('dynamodb') - dynamodb.create_table( - TableName='sso-dashboard-alert1', - KeySchema=[ - { - 'AttributeName': 'alert_id', - 'KeyType': 'HASH' - } - ], - AttributeDefinitions=[ - { - 'AttributeName': 'alert_id', - 'AttributeType': 'S' - } - ], - ProvisionedThroughput={ - 'ReadCapacityUnits': 5, - 'WriteCapacityUnits': 5 - } - ) - self.table = dynamodb.Table('sso-dashboard-alert1') - self.table.meta.client.get_waiter('table_exists').wait(TableName='sso-dashboard-alert1') - - a = alert.Alert() - a.dynamodb = self.table - - alert_dict = { - 'user_id': 'bob|ad|123456', - 'message': 'foo', - 'severity': 'HIGH' - } - # - res = a.create(alert_dict=alert_dict) - sample_alert_id = res['Attributes']['alert_id'] - - assert res['ResponseMetadata']['HTTPStatusCode'] == 200 - - res = a.find('bob|ad|123456') - assert len(res) == 4 - - updated_alert_dict = { - 'user_id': 'bob|ad|123456', - 'message': 'foo', - 'severity': 'MEDIUM' - } - - res = a.update(alert_id=sample_alert_id, alert_dict=updated_alert_dict) - assert res['ResponseMetadata']['HTTPStatusCode'] == 200 - - res = a.destroy(alert_id=sample_alert_id, user_id='bob|ad|123456') - assert res['ResponseMetadata']['HTTPStatusCode'] == 200 - - @mock_dynamodb2 - def test_alert_purge(self): - session = Session() - # Get the service resource - dynamodb = session.resource('dynamodb') - dynamodb.create_table( - TableName='sso-dashboard-alert1', - KeySchema=[ - { - 'AttributeName': 'alert_id', - 'KeyType': 'HASH' - } - ], - AttributeDefinitions=[ - { - 'AttributeName': 'alert_id', - 'AttributeType': 'S' - } - ], - ProvisionedThroughput={ - 'ReadCapacityUnits': 5, - 'WriteCapacityUnits': 5 - } - ) - - client = session.client('dynamodb') - response = client.update_table( - TableName='sso-dashboard-alert1', - GlobalSecondaryIndexUpdates=[ - { - 'Create': { - 'IndexName': 'user_id-index', - 'KeySchema': [ - { - 'AttributeName': 'user_id', - 'KeyType': 'HASH' - } - ], - 'Projection': { - 'ProjectionType': 'ALL' - }, - 'ProvisionedThroughput': { - 'ReadCapacityUnits': 5, - 'WriteCapacityUnits': 5 - } - } - } - ], - ) - - assert response is not None - - self.table = dynamodb.Table('sso-dashboard-alert1') - self.table.meta.client.get_waiter('table_exists').wait(TableName='sso-dashboard-alert1') - - a = alert.Alert() - a.dynamodb = self.table - - alert_dict = { - "alert_code": "416c65727447656f6d6f64656c", - "alert_id": "1c7c506eb221f6206becb8ef0d96f6", - "alert_str_json": "foo", - "date": "2018-08-05", - "description": "This alert is created based on geo ip information about the last login of a user.", - "duplicate": True, - "risk": "high", - "summary": "Did you recently login from Lewisham, United Kingdom (x.x.x.x)?", - "url": "https://mana.mozilla.org/wiki/display/SECURITY/Alert%3A+Change+in+Country", - "url_title": "Get Help", - "user_id": "ad|Mozilla-LDAP|akrug" - } - - res = a.create(alert_dict=alert_dict) - assert res is not None - assert res['ResponseMetadata']['HTTPStatusCode'] == 200 - - res = a.find('ad|Mozilla-LDAP|akrug') - - for this_alert in res.get('visible_alerts'): - if alert_dict.get('alert_id') == this_alert.get('alert_id'): - assert 0 - else: - pass - - -class TestRules(object): - def test_object_init(self): - a = alert.Rules(userinfo=None, request=None) - - assert a is not None - - -class TestFeedback(object): - pass From 4be91be735e5653166567c7b897fc62945f9f2e0 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:18:59 -0400 Subject: [PATCH 112/141] Add tox --- tox.ini | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 tox.ini diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..ce76bc60 --- /dev/null +++ b/tox.ini @@ -0,0 +1,22 @@ +[tox] +env_list = + lint, py37 +minversion = 4.6.0 + +[testenv] +description = run the tests with pytest +package = wheel +wheel_build_env = .pkg +deps = + pytest>=6 + -rrequirements.txt +commands = + pytest {tty:--color=yes} {posargs} + +[testenv:lint] +description = run linters +skip_install = true +deps = + black==22.12 +commands = black {posargs:.} + From 8ef65263c3ed87c8022ead8eb329d9e6e8f61d0b Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:23:31 -0400 Subject: [PATCH 113/141] Remove requirement-dev and apply lint formatter to tests --- Dockerfile | 1 - requirements-dev.txt | 4 ---- setup.py | 10 +++++----- tests/test_error.py | 19 +++---------------- tests/test_tile.py | 3 --- tests/test_user.py | 19 +++++-------------- 6 files changed, 13 insertions(+), 43 deletions(-) delete mode 100644 requirements-dev.txt diff --git a/Dockerfile b/Dockerfile index 0686d645..7da4c8f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,6 @@ COPY ./files/start.sh /start.sh RUN chmod 755 /start.sh RUN pip3 install --upgrade pip COPY ./requirements.txt /dashboard/ -COPY ./requirements-dev.txt /dashboard/ RUN pip3 install -r /dashboard/requirements.txt COPY ./dashboard/ /dashboard/ RUN chmod 750 -R /dashboard diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index 7e46b74d..00000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,4 +0,0 @@ -pytest-moto -pytest -pytest-cov -pytest-watch diff --git a/setup.py b/setup.py index 6e2438da..c012f250 100644 --- a/setup.py +++ b/setup.py @@ -8,9 +8,9 @@ requirements = [] -setup_requirements = ['pytest-runner', 'credstash', 'everett', 'josepy', 'flask_pyoidc'] +setup_requirements = ["pytest-runner", "credstash", "everett", "josepy", "flask_pyoidc"] -test_requirements = ['pytest', 'pytest-watch', 'pytest-cov', 'moto', 'pytest-moto', 'faker'] +test_requirements = ["pytest", "pytest-watch", "pytest-cov", "moto", "pytest-moto", "faker"] setup( name="dashboard", @@ -28,9 +28,9 @@ install_requires=requirements, license="Mozilla Public License 2.0", include_package_data=True, - packages=find_packages(include=['sso_dashboard']), + packages=find_packages(), setup_requires=setup_requirements, - test_suite='tests', + test_suite="tests", tests_require=test_requirements, - zip_safe=False + zip_safe=False, ) diff --git a/tests/test_error.py b/tests/test_error.py index 85c8e59a..a6a273ea 100644 --- a/tests/test_error.py +++ b/tests/test_error.py @@ -5,28 +5,15 @@ class ErrorTest(object): - public_key_file = os.path.join( - os.path.abspath( - os.path.dirname(__file__) - ), - 'data/public-signing-key.pem' - ) + public_key_file = os.path.join(os.path.abspath(os.path.dirname(__file__)), "data/public-signing-key.pem") public_key = open(public_key_file).read() - sample_jwt_file = os.path.join( - os.path.abspath( - os.path.dirname(__file__) - ), - 'data/mfa-required-jwt' - ) + sample_jwt_file = os.path.join(os.path.abspath(os.path.dirname(__file__)), "data/mfa-required-jwt") sample_json_web_token = open(sample_jwt_file).read() - tv = oidc_auth.tokenVerification( - public_key=public_key.encode(), - jws=sample_json_web_token.encode() - ) + tv = oidc_auth.tokenVerification(public_key=public_key.encode(), jws=sample_json_web_token.encode()) assert tv is not None verification_result = tv.verify diff --git a/tests/test_tile.py b/tests/test_tile.py index 26b30c2a..466c9eec 100644 --- a/tests/test_tile.py +++ b/tests/test_tile.py @@ -1,6 +1,3 @@ - - class TestTile(object): - def test_dynamo_object_init(self): pass diff --git a/tests/test_user.py b/tests/test_user.py index def47a2e..cbe101f5 100644 --- a/tests/test_user.py +++ b/tests/test_user.py @@ -6,22 +6,13 @@ class TestUser(object): def setup(self): - self.fixture_file = os.path.join( - os.path.abspath( - os.path.dirname(__file__) - ), - 'data/userinfo.json' - ) + self.fixture_file = os.path.join(os.path.abspath(os.path.dirname(__file__)), "data/userinfo.json") self.session_fixture = json.loads(open(self.fixture_file).read()) - self.good_apps_list = { - 'apps': [ - ] - - } + self.good_apps_list = {"apps": []} self.u = user.User(session=self.session_fixture, app_config=None) - self.u.api_token = 'foo' + self.u.api_token = "foo" def test_object_init(self): assert self.u is not None @@ -38,8 +29,8 @@ def test_user_name(self): f_name = self.u.first_name l_name = self.u.last_name - assert f_name == '' - assert l_name == '' + assert f_name == "" + assert l_name == "" def test_user_identifiers(self): assert len(self.u.user_identifiers()) == 2 From c0adab8fca86333909e3870cd3a4e60dfa542186 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:25:12 -0400 Subject: [PATCH 114/141] Update gitignore to ignore wheels build dir --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index ee47404e..0e3f3d55 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ tests/test_activate_actual.output bower_components node_modules .vscode/* +build/* From 15f3c5495cbc83c31525e0d6a16c7dba4e6e3789 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:38:47 -0400 Subject: [PATCH 115/141] Black --check only, ignore envfile, GHA validate job --- .github/workflows/main.yml | 22 +++++++++++----------- .gitignore | 1 + tox.ini | 2 +- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c1719e97..bb170727 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: run: echo "SLACK_TS=${{ steps.slack.outputs.ts }}" >> "$GITHUB_OUTPUT" lint: - name: Linting + name: Linting/Unittesting needs: init runs-on: ubuntu-latest env: @@ -71,11 +71,11 @@ jobs: payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Linting + STATUS_TITLE: Linting/Unittesting STATUS_VALUE: ':link-run: *Running*' - - name: - run: echo Linting + - name: Running Tox + run: tox build: name: Building @@ -112,7 +112,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build docker image with buildx + - name: Build and push Docker image with buildx uses: docker/build-push-action@v4 with: context: . @@ -122,8 +122,8 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max - testing: - name: Testing + validate: + name: Validating needs: [ init, lint, build ] runs-on: ubuntu-latest env: @@ -161,11 +161,11 @@ jobs: uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" - run: "cd /dashboard && pip install -r requirements-dev.txt && python3 setup.py test && python3 setup.py pytest" + run: echo TODO: Add docker validation checks deploy: name: Sending to Cloud Deploy - needs: [ init, lint, build, testing ] + needs: [ init, lint, build, validate ] runs-on: ubuntu-latest env: RELEASE_NAME: ${{needs.init.outputs.release_name}} @@ -207,7 +207,7 @@ jobs: final: name: Finalize Notifications - needs: [ init, lint, build, testing, deploy ] + needs: [ init, lint, build, validate, deploy ] runs-on: ubuntu-latest if: always() env: @@ -236,7 +236,7 @@ jobs: payload-file-path: ".github/workflows/payload-slack-deploy.json" - name: Update slack deployment failed - if: needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.testing.result == 'failure' || needs.deploy.result == 'failure' + if: needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.validate.result == 'failure' || needs.deploy.result == 'failure' uses: slackapi/slack-github-action@v1.24.0 with: update-ts: ${{ needs.init.outputs.slack_ts }} diff --git a/.gitignore b/.gitignore index 0e3f3d55..16c5a974 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ bower_components node_modules .vscode/* build/* +envfile diff --git a/tox.ini b/tox.ini index ce76bc60..d4cc99a4 100644 --- a/tox.ini +++ b/tox.ini @@ -18,5 +18,5 @@ description = run linters skip_install = true deps = black==22.12 -commands = black {posargs:.} +commands = black --check {posargs:.} From ee920b49847c8fef0c2feb2477bfb06132ce2ecd Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:40:27 -0400 Subject: [PATCH 116/141] fix Typo --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bb170727..99873886 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -161,7 +161,7 @@ jobs: uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" - run: echo TODO: Add docker validation checks + run: echo "TODO: Add docker validation checks" deploy: name: Sending to Cloud Deploy From b393062ea45042a235950936120301720c6523a6 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:43:57 -0400 Subject: [PATCH 117/141] Fix yaml --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 99873886..6d29aab5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -161,7 +161,7 @@ jobs: uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" - run: echo "TODO: Add docker validation checks" + run: echo "TODO Add docker validation checks" deploy: name: Sending to Cloud Deploy From 2549e2bd96db8f614b0f43d3f5b95d5b517adb61 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:48:03 -0400 Subject: [PATCH 118/141] Make sure tox is install during GHA --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6d29aab5..f1e8c575 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -157,6 +157,9 @@ jobs: - name: Pull Docker image run: docker pull "${{ env.DOCKER_TAG }}" + - name: Install tox + run: pip install tox + - name: Run tests uses: addnab/docker-run-action@v3 with: From 72c5cc6b8a913c13eed505f62f4f601630f82b76 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:50:49 -0400 Subject: [PATCH 119/141] Push tox in the correct GHA job --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f1e8c575..4a63d520 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -74,6 +74,9 @@ jobs: STATUS_TITLE: Linting/Unittesting STATUS_VALUE: ':link-run: *Running*' + - name: Install tox + run: pip install tox + - name: Running Tox run: tox @@ -157,10 +160,7 @@ jobs: - name: Pull Docker image run: docker pull "${{ env.DOCKER_TAG }}" - - name: Install tox - run: pip install tox - - - name: Run tests + - name: Run validate docker image uses: addnab/docker-run-action@v3 with: image: "${{ env.DOCKER_TAG }}" From acd215d9323af4c4ea02056430baf0bd0f2dff19 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 08:55:37 -0400 Subject: [PATCH 120/141] Fix slack validation msg --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4a63d520..8c63fa14 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -144,7 +144,7 @@ jobs: payload-file-path: ".github/workflows/payload-slack-content.json" env: STATUS_COLOR: dbab09 - STATUS_TITLE: Testing + STATUS_TITLE: Validating Image STATUS_VALUE: ':link-run: *Running*' - name: 'Google auth' From a7f880267fa408e67a065ce1ff93c8b4061251a0 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 09:21:46 -0400 Subject: [PATCH 121/141] Modify service templates --- clouddeploy/sso-dashboard-dev.template.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml index e15f4ded..f7b13edb 100644 --- a/clouddeploy/sso-dashboard-dev.template.yaml +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -20,7 +20,12 @@ spec: template: metadata: annotations: - autoscaling.knative.dev/maxScale: '1' + autoscaling.knative.dev/minScale: '1' + autoscaling.knative.dev/maxScale: '3' + run.googleapis.com/cpu-throttling: 'false' + run.googleapis.com/startup-cpu-boost: 'true' + run.googleapis.com/ingress: internal-and-cloud-load-balancing + run.googleapis.com/ingress-status: internal-and-cloud-load-balancing spec: containers: - name: 'sso-dashboard' From c300694f03e5bbf8fd34f42f7a00f518d15d0a50 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 09:34:13 -0400 Subject: [PATCH 122/141] Fix annotations --- clouddeploy/sso-dashboard-dev.template.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml index f7b13edb..0ac359b4 100644 --- a/clouddeploy/sso-dashboard-dev.template.yaml +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -16,6 +16,9 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: name: 'sso-dashboard-dev' + annotations: + run.googleapis.com/ingress: internal-and-cloud-load-balancing + run.googleapis.com/description: 'https://sso.allizom.org' spec: template: metadata: @@ -24,8 +27,6 @@ spec: autoscaling.knative.dev/maxScale: '3' run.googleapis.com/cpu-throttling: 'false' run.googleapis.com/startup-cpu-boost: 'true' - run.googleapis.com/ingress: internal-and-cloud-load-balancing - run.googleapis.com/ingress-status: internal-and-cloud-load-balancing spec: containers: - name: 'sso-dashboard' From 4651cb4866fd944b9caab9664bb3ad7d2317b20e Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 17:02:03 -0400 Subject: [PATCH 123/141] update cloud deploy templates --- clouddeploy/sso-dashboard-prod.template.yaml | 8 +++++++- clouddeploy/sso-dashboard-staging.template.yaml | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index 11c5d8db..e7e03aa1 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -16,11 +16,17 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: name: 'sso-dashboard-prod' + annotations: + run.googleapis.com/ingress: internal-and-cloud-load-balancing + run.googleapis.com/description: 'https://sso.mozilla.com' spec: template: metadata: annotations: - autoscaling.knative.dev/maxScale: '2' + autoscaling.knative.dev/minScale: '1' + autoscaling.knative.dev/maxScale: '3' + run.googleapis.com/cpu-throttling: 'false' + run.googleapis.com/startup-cpu-boost: 'true' spec: containers: - name: 'sso-dashboard' diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index 13119b79..28e6c92f 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -16,11 +16,17 @@ apiVersion: serving.knative.dev/v1 kind: Service metadata: name: 'sso-dashboard-staging' + annotations: + run.googleapis.com/ingress: internal-and-cloud-load-balancing + run.googleapis.com/description: 'https://staging.sso.mozilla.com' spec: template: metadata: annotations: - autoscaling.knative.dev/maxScale: '2' + autoscaling.knative.dev/minScale: '1' + autoscaling.knative.dev/maxScale: '3' + run.googleapis.com/cpu-throttling: 'false' + run.googleapis.com/startup-cpu-boost: 'true' spec: containers: - name: 'sso-dashboard' From 1945e801d09b59b5627be2bca04045cfef84a9e4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 17:05:38 -0400 Subject: [PATCH 124/141] Clean up unused files --- man/man1/nosetests.1 | 581 ----------------------------------- scripts/build-environment.sh | 14 - scripts/post-deploy.sh | 4 - scripts/prep-deploy.sh | 14 - scripts/validate-deploy.sh | 13 - 5 files changed, 626 deletions(-) delete mode 100644 man/man1/nosetests.1 delete mode 100644 scripts/build-environment.sh delete mode 100644 scripts/post-deploy.sh delete mode 100644 scripts/prep-deploy.sh delete mode 100644 scripts/validate-deploy.sh diff --git a/man/man1/nosetests.1 b/man/man1/nosetests.1 deleted file mode 100644 index 57728456..00000000 --- a/man/man1/nosetests.1 +++ /dev/null @@ -1,581 +0,0 @@ -.\" Man page generated from reStructuredText. -. -.TH "NOSETESTS" "1" "April 04, 2015" "1.3" "nose" -.SH NAME -nosetests \- Nicer testing for Python -. -.nr rst2man-indent-level 0 -. -.de1 rstReportMargin -\\$1 \\n[an-margin] -level \\n[rst2man-indent-level] -level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] -- -\\n[rst2man-indent0] -\\n[rst2man-indent1] -\\n[rst2man-indent2] -.. -.de1 INDENT -.\" .rstReportMargin pre: -. RS \\$1 -. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] -. nr rst2man-indent-level +1 -.\" .rstReportMargin post: -.. -.de UNINDENT -. RE -.\" indent \\n[an-margin] -.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] -.nr rst2man-indent-level -1 -.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] -.in \\n[rst2man-indent\\n[rst2man-indent-level]]u -.. -.SH NICER TESTING FOR PYTHON -.SS SYNOPSIS -.INDENT 0.0 -.INDENT 3.5 -nosetests [options] [names] -.UNINDENT -.UNINDENT -.SS DESCRIPTION -.sp -nose collects tests automatically from python source files, -directories and packages found in its working directory (which -defaults to the current working directory). Any python source file, -directory or package that matches the testMatch regular expression -(by default: \fI(?:^|[b_.\-])[Tt]est)\fP will be collected as a test (or -source for collection of tests). In addition, all other packages -found in the working directory will be examined for python source files -or directories that match testMatch. Package discovery descends all -the way down the tree, so package.tests and package.sub.tests and -package.sub.sub2.tests will all be collected. -.sp -Within a test directory or package, any python source file matching -testMatch will be examined for test cases. Within a test module, -functions and classes whose names match testMatch and TestCase -subclasses with any name will be loaded and executed as tests. Tests -may use the assert keyword or raise AssertionErrors to indicate test -failure. TestCase subclasses may do the same or use the various -TestCase methods available. -.sp -\fBIt is important to note that the default behavior of nose is to -not include tests from files which are executable.\fP To include -tests from such files, remove their executable bit or use -the \-\-exe flag (see \(aqOptions\(aq section below). -.SS Selecting Tests -.sp -To specify which tests to run, pass test names on the command line: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -nosetests only_test_this.py -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Test names specified may be file or module names, and may optionally -indicate the test case to run by separating the module or file name -from the test case name with a colon. Filenames may be relative or -absolute. Examples: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -nosetests test.module -nosetests another.test:TestCase.test_method -nosetests a.test:TestCase -nosetests /path/to/test/file.py:test_function -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -You may also change the working directory where nose looks for tests -by using the \-w switch: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -nosetests \-w /path/to/tests -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Note, however, that support for multiple \-w arguments is now deprecated -and will be removed in a future release. As of nose 0.10, you can get -the same behavior by specifying the target directories \fIwithout\fP -the \-w switch: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -nosetests /path/to/tests /another/path/to/tests -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -Further customization of test selection and loading is possible -through the use of plugins. -.sp -Test result output is identical to that of unittest, except for -the additional features (error classes, and plugin\-supplied -features such as output capture and assert introspection) detailed -in the options below. -.SS Configuration -.sp -In addition to passing command\-line options, you may also put -configuration options in your project\(aqs \fIsetup.cfg\fP file, or a .noserc -or nose.cfg file in your home directory. In any of these standard -ini\-style config files, you put your nosetests configuration in a -\fB[nosetests]\fP section. Options are the same as on the command line, -with the \-\- prefix removed. For options that are simple switches, you -must supply a value: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -[nosetests] -verbosity=3 -with\-doctest=1 -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -All configuration files that are found will be loaded and their -options combined. You can override the standard config file loading -with the \fB\-c\fP option. -.SS Using Plugins -.sp -There are numerous nose plugins available via easy_install and -elsewhere. To use a plugin, just install it. The plugin will add -command line options to nosetests. To verify that the plugin is installed, -run: -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -nosetests \-\-plugins -.ft P -.fi -.UNINDENT -.UNINDENT -.sp -You can add \-v or \-vv to that command to show more information -about each plugin. -.sp -If you are running nose.main() or nose.run() from a script, you -can specify a list of plugins to use by passing a list of plugins -with the plugins keyword argument. -.SS 0.9 plugins -.sp -nose 1.0 can use SOME plugins that were written for nose 0.9. The -default plugin manager inserts a compatibility wrapper around 0.9 -plugins that adapts the changed plugin api calls. However, plugins -that access nose internals are likely to fail, especially if they -attempt to access test case or test suite classes. For example, -plugins that try to determine if a test passed to startTest is an -individual test or a suite will fail, partly because suites are no -longer passed to startTest and partly because it\(aqs likely that the -plugin is trying to find out if the test is an instance of a class -that no longer exists. -.SS 0.10 and 0.11 plugins -.sp -All plugins written for nose 0.10 and 0.11 should work with nose 1.0. -.SS Options -.INDENT 0.0 -.TP -.B \-V, \-\-version -Output nose version and exit -.UNINDENT -.INDENT 0.0 -.TP -.B \-p, \-\-plugins -Output list of available plugins and exit. Combine with higher verbosity for greater detail -.UNINDENT -.INDENT 0.0 -.TP -.B \-v=DEFAULT, \-\-verbose=DEFAULT -Be more verbose. [NOSE_VERBOSE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-verbosity=VERBOSITY -Set verbosity; \-\-verbosity=2 is the same as \-v -.UNINDENT -.INDENT 0.0 -.TP -.B \-q=DEFAULT, \-\-quiet=DEFAULT -Be less verbose -.UNINDENT -.INDENT 0.0 -.TP -.B \-c=FILES, \-\-config=FILES -Load configuration from config file(s). May be specified multiple times; in that case, all config files will be loaded and combined -.UNINDENT -.INDENT 0.0 -.TP -.B \-w=WHERE, \-\-where=WHERE -Look for tests in this directory. May be specified multiple times. The first directory passed will be used as the working directory, in place of the current working directory, which is the default. Others will be added to the list of tests to execute. [NOSE_WHERE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-py3where=PY3WHERE -Look for tests in this directory under Python 3.x. Functions the same as \(aqwhere\(aq, but only applies if running under Python 3.x or above. Note that, if present under 3.x, this option completely replaces any directories specified with \(aqwhere\(aq, so the \(aqwhere\(aq option becomes ineffective. [NOSE_PY3WHERE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-m=REGEX, \-\-match=REGEX, \-\-testmatch=REGEX -Files, directories, function names, and class names that match this regular expression are considered tests. Default: (?:^|[b_./\-])[Tt]est [NOSE_TESTMATCH] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-tests=NAMES -Run these tests (comma\-separated list). This argument is useful mainly from configuration files; on the command line, just pass the tests to run as additional arguments with no switch. -.UNINDENT -.INDENT 0.0 -.TP -.B \-l=DEFAULT, \-\-debug=DEFAULT -Activate debug logging for one or more systems. Available debug loggers: nose, nose.importer, nose.inspector, nose.plugins, nose.result and nose.selector. Separate multiple names with a comma. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-debug\-log=FILE -Log debug messages to this file (default: sys.stderr) -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-config=FILE, \-\-log\-config=FILE -Load logging config from this file \-\- bypasses all other logging config settings. -.UNINDENT -.INDENT 0.0 -.TP -.B \-I=REGEX, \-\-ignore\-files=REGEX -Completely ignore any file that matches this regular expression. Takes precedence over any other settings or plugins. Specifying this option will replace the default setting. Specify this option multiple times to add more regular expressions [NOSE_IGNORE_FILES] -.UNINDENT -.INDENT 0.0 -.TP -.B \-e=REGEX, \-\-exclude=REGEX -Don\(aqt run tests that match regular expression [NOSE_EXCLUDE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-i=REGEX, \-\-include=REGEX -This regular expression will be applied to files, directories, function names, and class names for a chance to include additional tests that do not match TESTMATCH. Specify this option multiple times to add more regular expressions [NOSE_INCLUDE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-x, \-\-stop -Stop running tests after the first error or failure -.UNINDENT -.INDENT 0.0 -.TP -.B \-P, \-\-no\-path\-adjustment -Don\(aqt make any changes to sys.path when loading tests [NOSE_NOPATH] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-exe -Look for tests in python modules that are executable. Normal behavior is to exclude executable modules, since they may not be import\-safe [NOSE_INCLUDE_EXE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-noexe -DO NOT look for tests in python modules that are executable. (The default on the windows platform is to do so.) -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-traverse\-namespace -Traverse through all path entries of a namespace package -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-first\-package\-wins, \-\-first\-pkg\-wins, \-\-1st\-pkg\-wins -nose\(aqs importer will normally evict a package from sys.modules if it sees a package with the same name in a different location. Set this option to disable that behavior. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-no\-byte\-compile -Prevent nose from byte\-compiling the source into .pyc files while nose is scanning for and running tests. -.UNINDENT -.INDENT 0.0 -.TP -.B \-a=ATTR, \-\-attr=ATTR -Run only tests that have attributes specified by ATTR [NOSE_ATTR] -.UNINDENT -.INDENT 0.0 -.TP -.B \-A=EXPR, \-\-eval\-attr=EXPR -Run only tests for whose attributes the Python expression EXPR evaluates to True [NOSE_EVAL_ATTR] -.UNINDENT -.INDENT 0.0 -.TP -.B \-s, \-\-nocapture -Don\(aqt capture stdout (any stdout output will be printed immediately) [NOSE_NOCAPTURE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-nologcapture -Disable logging capture plugin. Logging configuration will be left intact. [NOSE_NOLOGCAPTURE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-format=FORMAT -Specify custom format to print statements. Uses the same format as used by standard logging handlers. [NOSE_LOGFORMAT] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-datefmt=FORMAT -Specify custom date/time format to print statements. Uses the same format as used by standard logging handlers. [NOSE_LOGDATEFMT] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-filter=FILTER -Specify which statements to filter in/out. By default, everything is captured. If the output is too verbose, -use this option to filter out needless output. -Example: filter=foo will capture statements issued ONLY to - foo or foo.what.ever.sub but not foobar or other logger. -Specify multiple loggers with comma: filter=foo,bar,baz. -If any logger name is prefixed with a minus, eg filter=\-foo, -it will be excluded rather than included. Default: exclude logging messages from nose itself (\-nose). [NOSE_LOGFILTER] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-clear\-handlers -Clear all other logging handlers -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-logging\-level=DEFAULT -Set the log level to capture -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-coverage -Enable plugin Coverage: -Activate a coverage report using Ned Batchelder\(aqs coverage module. - [NOSE_WITH_COVERAGE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-package=PACKAGE -Restrict coverage output to selected packages [NOSE_COVER_PACKAGE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-erase -Erase previously collected coverage statistics before run -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-tests -Include test modules in coverage report [NOSE_COVER_TESTS] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-min\-percentage=DEFAULT -Minimum percentage of coverage for tests to pass [NOSE_COVER_MIN_PERCENTAGE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-inclusive -Include all python files under working directory in coverage report. Useful for discovering holes in test coverage if not all files are imported by the test suite. [NOSE_COVER_INCLUSIVE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-html -Produce HTML coverage information -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-html\-dir=DIR -Produce HTML coverage information in dir -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-branches -Include branch coverage in coverage report [NOSE_COVER_BRANCHES] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-xml -Produce XML coverage information -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-cover\-xml\-file=FILE -Produce XML coverage information in file -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-pdb -Drop into debugger on failures or errors -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-pdb\-failures -Drop into debugger on failures -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-pdb\-errors -Drop into debugger on errors -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-no\-deprecated -Disable special handling of DeprecatedTest exceptions. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-doctest -Enable plugin Doctest: -Activate doctest plugin to find and run doctests in non\-test modules. - [NOSE_WITH_DOCTEST] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-doctest\-tests -Also look for doctests in test modules. Note that classes, methods and functions should have either doctests or non\-doctest tests, not both. [NOSE_DOCTEST_TESTS] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-doctest\-extension=EXT -Also look for doctests in files with this extension [NOSE_DOCTEST_EXTENSION] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-doctest\-result\-variable=VAR -Change the variable name set to the result of the last interpreter command from the default \(aq_\(aq. Can be used to avoid conflicts with the _() function used for text translation. [NOSE_DOCTEST_RESULT_VAR] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-doctest\-fixtures=SUFFIX -Find fixtures for a doctest file in module with this name appended to the base name of the doctest file -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-doctest\-options=OPTIONS -Specify options to pass to doctest. Eg. \(aq+ELLIPSIS,+NORMALIZE_WHITESPACE\(aq -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-isolation -Enable plugin IsolationPlugin: -Activate the isolation plugin to isolate changes to external -modules to a single test module or package. The isolation plugin -resets the contents of sys.modules after each test module or -package runs to its state before the test. PLEASE NOTE that this -plugin should not be used with the coverage plugin, or in any other case -where module reloading may produce undesirable side\-effects. - [NOSE_WITH_ISOLATION] -.UNINDENT -.INDENT 0.0 -.TP -.B \-d, \-\-detailed\-errors, \-\-failure\-detail -Add detail to error output by attempting to evaluate failed asserts [NOSE_DETAILED_ERRORS] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-profile -Enable plugin Profile: -Use this plugin to run tests using the hotshot profiler. - [NOSE_WITH_PROFILE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-profile\-sort=SORT -Set sort order for profiler output -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-profile\-stats\-file=FILE -Profiler stats file; default is a new temp file on each run -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-profile\-restrict=RESTRICT -Restrict profiler output. See help for pstats.Stats for details -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-no\-skip -Disable special handling of SkipTest exceptions. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-id -Enable plugin TestId: -Activate to add a test id (like #1) to each test name output. Activate -with \-\-failed to rerun failing tests only. - [NOSE_WITH_ID] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-id\-file=FILE -Store test ids found in test runs in this file. Default is the file .noseids in the working directory. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-failed -Run the tests that failed in the last test run. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-processes=NUM -Spread test run among this many processes. Set a number equal to the number of processors or cores in your machine for best results. Pass a negative number to have the number of processes automatically set to the number of cores. Passing 0 means to disable parallel testing. Default is 0 unless NOSE_PROCESSES is set. [NOSE_PROCESSES] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-process\-timeout=SECONDS -Set timeout for return of results from each test runner process. Default is 10. [NOSE_PROCESS_TIMEOUT] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-process\-restartworker -If set, will restart each worker process once their tests are done, this helps control memory leaks from killing the system. [NOSE_PROCESS_RESTARTWORKER] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-with\-xunit -Enable plugin Xunit: This plugin provides test results in the standard XUnit XML format. [NOSE_WITH_XUNIT] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-xunit\-file=FILE -Path to xml file to store the xunit report in. Default is nosetests.xml in the working directory [NOSE_XUNIT_FILE] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-xunit\-testsuite\-name=PACKAGE -Name of the testsuite in the xunit xml, generated by plugin. Default test suite name is nosetests. -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-all\-modules -Enable plugin AllModules: Collect tests from all python modules. - [NOSE_ALL_MODULES] -.UNINDENT -.INDENT 0.0 -.TP -.B \-\-collect\-only -Enable collect\-only: -Collect and output test names only, don\(aqt run any tests. - [COLLECT_ONLY] -.UNINDENT -.SH AUTHOR -Nose developers -.SH COPYRIGHT -2009, Jason Pellerin -.\" Generated by docutils manpage writer. -. diff --git a/scripts/build-environment.sh b/scripts/build-environment.sh deleted file mode 100644 index 87c066e1..00000000 --- a/scripts/build-environment.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -#Clean up old images -docker images -q |xargs docker rmi - -cd /home/ec2-user/app - -ACCOUNT_ID=`aws sts get-caller-identity | grep Account | cut -d '"' -f4` - -sed -i s/656532927350/${ACCOUNT_ID}/g docker-compose.yml - -aws ecr get-login --region us-west-2 --no-include-email | bash - -/usr/local/bin/docker-compose pull diff --git a/scripts/post-deploy.sh b/scripts/post-deploy.sh deleted file mode 100644 index 8c91057c..00000000 --- a/scripts/post-deploy.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -cd /home/ec2-user/app -/usr/local/bin/docker-compose up -d \ No newline at end of file diff --git a/scripts/prep-deploy.sh b/scripts/prep-deploy.sh deleted file mode 100644 index bebb2410..00000000 --- a/scripts/prep-deploy.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -cd /home/ec2-user/app - -# Clear the old containers -/usr/local/bin/docker-compose stop -/usr/local/bin/docker-compose rm -f - -rm -rf /home/ec2-user/app - -mkdir -p /home/ec2-user/app - -#Grab an ECR Login -aws ecr get-login --region us-west-2 --no-include-email | bash diff --git a/scripts/validate-deploy.sh b/scripts/validate-deploy.sh deleted file mode 100644 index 7f4bcafd..00000000 --- a/scripts/validate-deploy.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -sleep 60 - -result=$(curl -s http://localhost:8000/) - -if [[ "$result" =~ "Mozilla SSO Dashboard" ]]; then - echo "The system is up." - exit 0 -else - echo "The system is not up" - exit 1 -fi From 9313e207533e3bff3e4e09fc3cc740b36c0250d4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 20:32:30 -0400 Subject: [PATCH 125/141] Remove deprecated stylelint rules --- .stylelintrc | 49 ++++--------------------------------------------- 1 file changed, 4 insertions(+), 45 deletions(-) diff --git a/.stylelintrc b/.stylelintrc index 3c616082..16325f2f 100644 --- a/.stylelintrc +++ b/.stylelintrc @@ -1,91 +1,50 @@ { + "extends": "stylelint-config-standard-scss", "rules": { - "color-hex-case": "lower", "color-no-invalid-hex": true, "font-family-no-duplicate-names": true, "font-family-name-quotes": "always-where-recommended", "function-calc-no-unspaced-operator": true, - "function-comma-space-after": "always", - "function-comma-space-before": "never", "function-name-case": "lower", - "function-parentheses-space-inside": "never", - "function-whitespace-after": "always", "function-url-no-scheme-relative": true, "function-url-quotes": "always", - "number-no-trailing-zeros": true, - "string-no-newline": true, - "string-quotes": "single", "length-zero-no-unit": true, - "unit-case": "lower", "unit-no-unknown": true, - "value-keyword-case": lower, - - "value-list-comma-space-after": "always-single-line", - "value-list-comma-space-before": "never", + "value-keyword-case": "lower", - "property-case": "lower", "property-no-unknown": true, "keyframe-declaration-no-important": true, - "declaration-colon-space-after": "always", - "declaration-colon-space-before": "never", "declaration-no-important": true, - "declaration-block-trailing-semicolon": "always", "declaration-block-single-line-max-declarations": 1, - "declaration-block-semicolon-space-before": "never", - "declaration-block-semicolon-newline-after": "always-multi-line", "declaration-block-no-shorthand-property-overrides": true, "declaration-block-no-duplicate-properties": true, "block-no-empty": true, - "block-closing-brace-empty-line-before": "never", - "block-closing-brace-newline-after": "always", - "block-closing-brace-newline-before": "always-multi-line", - "block-closing-brace-space-before": "always-single-line", - "block-opening-brace-newline-after": "always-multi-line", - "block-opening-brace-space-after": "always-single-line", - "block-opening-brace-space-before": "always", - - "selector-attribute-brackets-space-inside": "never", - "selector-attribute-operator-space-after": "never", - "selector-attribute-operator-space-before": "never", - "selector-combinator-space-after": "always", - "selector-combinator-space-before": "always", + "selector-pseudo-class-no-unknown": true, "selector-pseudo-element-no-unknown": true, - "selector-pseudo-class-case": "lower", - "selector-pseudo-element-case": "lower", "selector-type-case": "lower", "selector-type-no-unknown": true, - "selector-max-empty-lines": 0, "rule-empty-line-before": "always-multi-line", - "media-feature-name-case": "lower", "media-feature-name-no-unknown": true, - "media-feature-colon-space-after": "always", - "media-feature-colon-space-before": "never", - "media-feature-parentheses-space-inside": "never", "comment-no-empty": true, - "indentation": 4, "max-nesting-depth": 6, "no-duplicate-selectors": true, - "no-eol-whitespace": true, - "no-extra-semicolons": true, "no-unknown-animations": true, - "no-invalid-double-slash-comments": true, - "no-missing-end-of-source-newline": true, - "max-empty-lines": 1 + "no-invalid-double-slash-comments": true } } From f1985ac9e46c5aeaf55595d5e2527dcf7a447ca6 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 21:07:42 -0400 Subject: [PATCH 126/141] no-descending-specificity stylelint rule --- .stylelintrc | 1 + 1 file changed, 1 insertion(+) diff --git a/.stylelintrc b/.stylelintrc index 16325f2f..ed4c85b9 100644 --- a/.stylelintrc +++ b/.stylelintrc @@ -1,6 +1,7 @@ { "extends": "stylelint-config-standard-scss", "rules": { + "no-descending-specificity": null, "color-no-invalid-hex": true, "font-family-no-duplicate-names": true, From 94378de30c12109dad1f7006584eb398af2cdf9c Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 21:10:37 -0400 Subject: [PATCH 127/141] Add eslint and stylelint to tox --- tox.ini | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tox.ini b/tox.ini index d4cc99a4..590fa48a 100644 --- a/tox.ini +++ b/tox.ini @@ -20,3 +20,23 @@ deps = black==22.12 commands = black --check {posargs:.} +[testenv:eslint] +description = run eslint +skip_install = true +deps = + nodeenv +commands = + nodeenv --prebuilt -p --node 14.21.3 + npm install eslint + npx eslint 'dashboard/static/js/*.js' +allowlist_externals = eslint + +[testenv:stylelint] +description = run stylelint +skip_install = true +deps = + nodeenv +commands = + nodeenv --prebuilt -p --node 14.21.3 + npm install stylelint stylelint-config-standard-scss + npx stylelint 'dashboard/static/css/*.scss' From b36f3e13b69385e6f0caa4daa32a0286c3f4830e Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 21:20:04 -0400 Subject: [PATCH 128/141] Remove travis and pip-selfcheck --- .travis.yml | 20 -------------------- pip-selfcheck.json | 1 - 2 files changed, 21 deletions(-) delete mode 100644 .travis.yml delete mode 100644 pip-selfcheck.json diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ed318f23..00000000 --- a/.travis.yml +++ /dev/null @@ -1,20 +0,0 @@ -language: python -dist: trusty -cache: pip -notifications: - email: false -python: - - 3.6 -env: - - "DASHBOARD_CONFIG_INI=tests/sso-dashboard.ini AWS_DEFAULT_REGION=us-west-2 BOTO_CONFIG=/dev/null" -before_install: - - pip install flake8 - - flake8 dashboard - - flake8 tests -install: - - pip install -r requirements.txt - - npm install -g eslint stylelint -script: - - python setup.py pytest - - eslint 'dashboard/static/js/*.js' - - stylelint 'dashboard/static/css/*.scss' diff --git a/pip-selfcheck.json b/pip-selfcheck.json deleted file mode 100644 index 7544439b..00000000 --- a/pip-selfcheck.json +++ /dev/null @@ -1 +0,0 @@ -{"last_check":"2017-02-15T17:20:52Z","pypi_version":"9.0.1"} \ No newline at end of file From 85a10b5e0750611d25768add4d876b5cd12c3901 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 21:23:10 -0400 Subject: [PATCH 129/141] Reformat base.scss --- dashboard/static/css/base.scss | 99 ++++++++++++++-------------------- 1 file changed, 39 insertions(+), 60 deletions(-) diff --git a/dashboard/static/css/base.scss b/dashboard/static/css/base.scss index 2da860a3..de7b6f43 100644 --- a/dashboard/static/css/base.scss +++ b/dashboard/static/css/base.scss @@ -4,35 +4,35 @@ --logo-border: 1px; } @font-face { - font-family: 'Open Sans'; + font-family: "Open Sans"; font-weight: normal; font-style: normal; - src: url('../../fonts/opensans-regular.woff2') format('woff2'), - url('../../fonts/opensans-regular.woff') format('woff'); + src: url("../../fonts/opensans-regular.woff2") format("woff2"), + url("../../fonts/opensans-regular.woff") format("woff"); } @font-face { - font-family: 'Open Sans'; + font-family: "Open Sans"; font-weight: bold; font-style: normal; - src: url('../../fonts/opensans-bold.woff2') format('woff2'), - url('../../fonts/opensans-bold.woff') format('woff'); + src: url("../../fonts/opensans-bold.woff2") format("woff2"), + url("../../fonts/opensans-bold.woff") format("woff"); } @font-face { - font-family: 'Open Sans'; + font-family: "Open Sans"; font-weight: normal; font-style: italic; - src: url('../../fonts/opensans-italic.woff2') format('woff2'), - url('../../fonts/opensans-italic.woff') format('woff'); + src: url("../../fonts/opensans-italic.woff2") format("woff2"), + url("../../fonts/opensans-italic.woff") format("woff"); } @font-face { - font-family: 'Open Sans'; + font-family: "Open Sans"; font-weight: bold; font-style: italic; - src: url('../../fonts/opensans-bolditalic.woff2') format('woff2'), - url('../../fonts/opensans-bolditalic.woff') format('woff'); + src: url("../../fonts/opensans-bolditalic.woff2") format("woff2"), + url("../../fonts/opensans-bolditalic.woff") format("woff"); } $gray: #808080; @@ -63,7 +63,7 @@ body { margin: 0; font-size: 16px; line-height: 1.4; - font-family: 'Open Sans', sans-serif; + font-family: "Open Sans", sans-serif; letter-spacing: 0.03em; } @@ -124,7 +124,6 @@ body { &:active, &:focus { - &::placeholder { color: white; } @@ -142,7 +141,6 @@ body { cursor: pointer; &.yellow-border { - g { fill: $yellow; } @@ -196,9 +194,9 @@ body { .alerts-count { background-color: $red; - width: .8em; - height: .8em; - border-radius: .8em; + width: 0.8em; + height: 0.8em; + border-radius: 0.8em; position: absolute; top: 10px; right: 50px; @@ -353,7 +351,7 @@ body { } span { - font-size: .8em; + font-size: 0.8em; } } @@ -369,7 +367,6 @@ body { } .alert-message { - @media all and (max-width: 767px) { margin-bottom: 10px; } @@ -385,7 +382,7 @@ body { .closebtn { color: white; - opacity: .8; + opacity: 0.8; font-size: 2em; line-height: 20px; cursor: pointer; @@ -430,7 +427,6 @@ body { } .alert[data-loading] { - .loading-indicator { display: block; } @@ -445,7 +441,7 @@ body { } .btn-alert { - padding: .5em 1em; + padding: 0.5em 1em; background: white; border: 1px solid black; font-family: inherit; @@ -453,7 +449,7 @@ body { color: black; text-decoration: none; border-radius: 1.5em; - margin: .5em; + margin: 0.5em; transition: background-color 0.2s ease-in-out; &:first-of-type { @@ -478,7 +474,7 @@ body { svg { display: inline-block; vertical-align: middle; - margin-right: .5em; + margin-right: 0.5em; path { fill: #000; @@ -556,14 +552,16 @@ body { text-overflow: ellipsis; white-space: nowrap; overflow: hidden; - width: calc(var(--logo-width) + (var(--logo-padding) * 2) + (var(--logo-border) * 2)); + width: calc( + var(--logo-width) + (var(--logo-padding) * 2) + + (var(--logo-border) * 2) + ); } } } } .notifications { - h1 { color: black; display: inline-block; @@ -586,9 +584,9 @@ body { color: white; display: inline-block; font-weight: bold; - margin-left: .5em; + margin-left: 0.5em; text-align: center; - font-size: .875em; + font-size: 0.875em; line-height: 1.4; } } @@ -634,7 +632,7 @@ body { color: var(--alert-color); background-color: var(--alert-bg-color); padding: 5px 35px; - font-size: .875em; + font-size: 0.875em; } border-bottom: 4px solid var(--alert-bg-color); @@ -644,7 +642,7 @@ body { padding: 32px; .alert-datetime { - font-size: .9em; + font-size: 0.9em; } .alert-summary { @@ -688,7 +686,7 @@ body { .alert-survey { border-top: 2px solid $darkgray; text-align: left; - font-size: .875em; + font-size: 0.875em; .notifications & { border-top-color: $bggray; @@ -762,10 +760,10 @@ body { } .alert-timing { - margin: .5em 0 1.5em; + margin: 0.5em 0 1.5em; time { - font-size: .75em; + font-size: 0.75em; } } @@ -800,7 +798,7 @@ body { &.notice { font-style: italic; - font-size: .8em; + font-size: 0.8em; } } @@ -868,7 +866,7 @@ footer { width: 20px; margin-right: 10px; display: inline-block; - opacity: .8; + opacity: 0.8; } a { @@ -911,7 +909,6 @@ footer { } &:last-child { - span { margin-bottom: 15px; } @@ -931,7 +928,7 @@ footer { color: $gray; img { - opacity: .3; + opacity: 0.3; } } @@ -988,7 +985,7 @@ footer { max-width: 90%; &:before { - content: ' '; + content: " "; position: absolute; width: 0; height: 0; @@ -1041,13 +1038,11 @@ footer { } .forbidden { - .panel { max-width: calc(100% - 60px); } .section { - .mui-btn { max-width: calc(100% - 100px); float: none; @@ -1062,11 +1057,8 @@ footer { } @media all and (max-width: 991px) { - .error-page { - .section { - .youtube { width: 340px; height: 191px; @@ -1076,19 +1068,16 @@ footer { } @media all and (max-width: 767px) { - .mui-appbar .filter .mui-textfield input { width: 240px; } .error-page { - .panel { max-width: calc(100% - 60px); } .section { - .mui-btn { max-width: calc(100% - 100px); float: none; @@ -1124,16 +1113,13 @@ footer { } @media all and (max-width: 543px) { - $appbar-height: 80px; .mui-appbar { height: $appbar-height; &.menu-enabled { - > div { - &:first-child { width: 70px; } @@ -1193,7 +1179,7 @@ footer { display: inline-block; height: $appbar-height; width: $appbar-height; - background-image: url('../../img/search.svg'); + background-image: url("../../img/search.svg"); background-repeat: no-repeat; background-position: center center; background-size: 18px; @@ -1204,7 +1190,7 @@ footer { background-color: black; color: $lightgray; border-bottom: 1px solid black; - background-image: url('../../img/search-w.svg'); + background-image: url("../../img/search-w.svg"); } &.menu-enabled { @@ -1267,7 +1253,6 @@ footer { &:active, &:focus { - &::placeholder { color: black; } @@ -1284,7 +1269,6 @@ footer { padding: 10px; .app-grid { - .app-tile { margin: 10px; max-width: 122px; @@ -1304,7 +1288,6 @@ footer { } .logout { - .panel { margin-top: 20px; padding: 30px; @@ -1312,9 +1295,8 @@ footer { } footer { - .icon-container { - margin: .2em 1em; + margin: 0.2em 1em; .icon { display: flex; @@ -1341,11 +1323,8 @@ footer { } @media all and (max-width: 359px) { - .mui-appbar { - .menu { - &.enabled { width: 160px; From 3693e750de393cda91a8bd24848c6c80e411f920 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 11 Jun 2023 21:27:35 -0400 Subject: [PATCH 130/141] Include eslint in tox default --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 590fa48a..24b998e8 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] env_list = - lint, py37 + eslint, lint, py37 minversion = 4.6.0 [testenv] From f5b19c9c553ffaa67a4ba5d2195015642c9ca31a Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 13:17:55 -0400 Subject: [PATCH 131/141] Add jwatkins as contib --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 846e515a..6787948a 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ A python flask implementation of an SSO dashboard. OIDC for authentication and # Contributors +* Jake Watkins [:dividehex] jwatkins@mozilla.com * Andrew Krug [:andrew] akrug@mozilla.com # Projects this Project Uses From 01d63ecb02985486755e78d710d1901444fafc84 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 18:27:23 -0400 Subject: [PATCH 132/141] Do not set cookie with domain --- dashboard/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/dashboard/config.py b/dashboard/config.py index 1dac3a95..1e777ec0 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -25,6 +25,7 @@ class DefaultConfig(object): PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) + SESSION_COOKIE_DOMAIN = bool(CONFIG("session_cookie_domain", namespace="sso-dashboard", default="False")) SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") From 9e21f820a4e329e6f620688c40befd59e24ba0a5 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 18:52:13 -0400 Subject: [PATCH 133/141] Set samesite --- .github/workflows/main.yml | 4 ++-- dashboard/config.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8c63fa14..66146bcc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,7 +15,7 @@ env: GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 - CHANNEL_IDS: C05AMLCL4JX + CHANNEL_IDS: G01AC4VU4UV SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} jobs: @@ -54,7 +54,7 @@ jobs: run: echo "SLACK_TS=${{ steps.slack.outputs.ts }}" >> "$GITHUB_OUTPUT" lint: - name: Linting/Unittesting + name: Linting / Unit Testing needs: init runs-on: ubuntu-latest env: diff --git a/dashboard/config.py b/dashboard/config.py index 1e777ec0..6580ee15 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -25,7 +25,7 @@ class DefaultConfig(object): PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) - SESSION_COOKIE_DOMAIN = bool(CONFIG("session_cookie_domain", namespace="sso-dashboard", default="False")) + SESSION_COOKIE_SAMESITE='Strict' SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") From 9af1365900ef288c5ececc5a19ee955dd1a08589 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 19:57:41 -0400 Subject: [PATCH 134/141] Lint fix --- dashboard/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/config.py b/dashboard/config.py index 6580ee15..a21d1817 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -25,7 +25,7 @@ class DefaultConfig(object): PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) - SESSION_COOKIE_SAMESITE='Strict' + SESSION_COOKIE_SAMESITE = "Strict" SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") From bd907c5796f53a4ad9888a52b79e33b001591dd5 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 20:29:35 -0400 Subject: [PATCH 135/141] Config change --- dashboard/config.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dashboard/config.py b/dashboard/config.py index a21d1817..08682c81 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -25,13 +25,14 @@ class DefaultConfig(object): PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) - SESSION_COOKIE_SAMESITE = "Strict" + SESSION_COOKIE_SAMESITE = CONFIG("session_cookie_samesite", namespace="sso-dashboard", default="strict") SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") SECRET_KEY = CONFIG("secret_key", namespace="sso-dashboard") SERVER_NAME = CONFIG("server_name", namespace="sso-dashboard", default="localhost:8000") - + SESSION_COOKIE_NAME = SERVER_NAME + "_session" + S3_BUCKET = CONFIG("s3_bucket", namespace="sso-dashboard") CDN = CONFIG( From 629c1e7026631150e0c9805300ff15da4c3caba4 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 20:47:52 -0400 Subject: [PATCH 136/141] Big linting changes --- .github/workflows/main.yml | 10 +++++----- CODE_OF_CONDUCT.md | 4 ++-- README.md | 8 ++++---- clouddeploy/sso-dashboard-dev.template.yaml | 2 +- clouddeploy/sso-dashboard-prod.template.yaml | 2 +- clouddeploy/sso-dashboard-staging.template.yaml | 2 +- dashboard/config.py | 2 +- dashboard/static/img/alerts/alert-white.svg | 2 +- dashboard/static/img/alerts/arrow-right-white.svg | 2 +- dashboard/static/img/alerts/info-white.svg | 2 +- dashboard/static/img/alerts/notification-white.svg | 2 +- dashboard/static/img/email.svg | 2 +- dashboard/static/img/feedback.svg | 2 +- dashboard/static/img/github.svg | 2 +- dashboard/static/img/legal.svg | 2 +- dashboard/static/img/logout.svg | 2 +- dashboard/static/img/mozilla-m.svg | 1 - dashboard/static/img/mozilla.svg | 2 +- dashboard/static/img/privacy.svg | 1 - dashboard/static/img/request.svg | 2 +- dashboard/static/img/search-w.svg | 2 +- dashboard/static/img/search.svg | 2 +- dashboard/static/img/settings.svg | 2 +- dashboard/static/img/success.svg | 2 +- dashboard/static/lib/mui/packages/cdn/css/mui.min.css | 2 +- dashboard/static/lib/mui/packages/cdn/js/mui.min.js | 2 +- dashboard/templates/icons/alert.svg | 1 - dashboard/templates/icons/arrow-right.svg | 1 - dashboard/templates/icons/info.svg | 1 - dashboard/templates/icons/notification.svg | 1 - docs/alert-center.md | 4 ++-- docs/architecture.mermaid | 2 +- docs/development.md | 2 +- 33 files changed, 36 insertions(+), 42 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 66146bcc..c72b4d72 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,7 @@ on: permissions: contents: 'read' id-token: 'write' - + env: APP: sso-dashboard GAR_LOCATION: us-east1 @@ -90,7 +90,7 @@ jobs: steps: - name: 'Checkout' uses: 'actions/checkout@v3' - + - name: Update slack notification uses: slackapi/slack-github-action@v1.24.0 with: @@ -107,7 +107,7 @@ jobs: uses: 'google-github-actions/auth@v1' with: workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' - service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev @@ -152,7 +152,7 @@ jobs: uses: 'google-github-actions/auth@v1' with: workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' - service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' - name: 'Docker auth' run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev @@ -193,7 +193,7 @@ jobs: uses: 'google-github-actions/auth@v1' with: workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' - service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' + service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' - name: 'Render cloud deploy config manifests from templates' run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 498baa3f..041fbb69 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,8 +1,8 @@ # Community Participation Guidelines -This repository is governed by Mozilla's code of conduct and etiquette guidelines. +This repository is governed by Mozilla's code of conduct and etiquette guidelines. For more details, please read the -[Mozilla Community Participation Guidelines](https://www.mozilla.org/about/governance/policies/participation/). +[Mozilla Community Participation Guidelines](https://www.mozilla.org/about/governance/policies/participation/). ## How to Report For more information on how to report violations of the Community Participation Guidelines, please read our '[How to Report](https://www.mozilla.org/about/governance/policies/participation/reporting/)' page. diff --git a/README.md b/README.md index 6787948a..777f4a0f 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ app staging and then taking apps live.__ # Adding apps to the Dashboard In order to add applications to the dashboard there is an apps.yml file and -a logos directory that exists in the Mozilla-IAM github org. +a logos directory that exists in the Mozilla-IAM github org. https://github.com/mozilla-iam/sso-dashboard-configuration @@ -87,11 +87,11 @@ to the fact they are in a responsive grid. For more information on developing features for the sso-dashboard see the [development guide](docs/development.md). # Deployment -This section gives an overview of the SSO Dashboard deployment, for a more detailed explanation check [this document](https://github.com/mozilla-iam/iam-infra/blob/74a68749db6f9043bdd36970d0e94de322cd9804/docs/runbooks/sso-dashboard.md). +This section gives an overview of the SSO Dashboard deployment, for a more detailed explanation check [this document](https://github.com/mozilla-iam/iam-infra/blob/74a68749db6f9043bdd36970d0e94de322cd9804/docs/runbooks/sso-dashboard.md). -Single Sign On Dashboard (SSO Dashboard) runs in the AWS IAM account (320464205386) inside the production EKS cluster, however it uses resources in the `infosec-prod` and `infosec-dev` AWS accounts. +Single Sign On Dashboard (SSO Dashboard) runs in the AWS IAM account (320464205386) inside the production EKS cluster, however it uses resources in the `infosec-prod` and `infosec-dev` AWS accounts. -Currently the application is deployed into 2 different environments: dev and prod, each one running in the correspondent Kubernetes namespaces. +Currently the application is deployed into 2 different environments: dev and prod, each one running in the correspondent Kubernetes namespaces. - Production environment can be reach at https://sso.mozilla.com - Development environment can be reach at https://sso.allizom.org diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml index 0ac359b4..39b524fa 100644 --- a/clouddeploy/sso-dashboard-dev.template.yaml +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -43,7 +43,7 @@ spec: - '--log-level=debug' ports: - name: http1 - containerPort: 8000 + containerPort: 8000 env: - name: 'TARGET' value: 'Staging' diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index e7e03aa1..2d20b009 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -43,7 +43,7 @@ spec: - '--log-level=debug' ports: - name: http1 - containerPort: 8000 + containerPort: 8000 env: - name: TARGET value: Prod diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index 28e6c92f..1121150c 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -43,7 +43,7 @@ spec: - '--log-level=debug' ports: - name: http1 - containerPort: 8000 + containerPort: 8000 env: - name: TARGET value: Prod diff --git a/dashboard/config.py b/dashboard/config.py index 08682c81..ff1eb307 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -32,7 +32,7 @@ class DefaultConfig(object): SECRET_KEY = CONFIG("secret_key", namespace="sso-dashboard") SERVER_NAME = CONFIG("server_name", namespace="sso-dashboard", default="localhost:8000") SESSION_COOKIE_NAME = SERVER_NAME + "_session" - + S3_BUCKET = CONFIG("s3_bucket", namespace="sso-dashboard") CDN = CONFIG( diff --git a/dashboard/static/img/alerts/alert-white.svg b/dashboard/static/img/alerts/alert-white.svg index 045dd03f..ded66430 100644 --- a/dashboard/static/img/alerts/alert-white.svg +++ b/dashboard/static/img/alerts/alert-white.svg @@ -9,4 +9,4 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/alerts/arrow-right-white.svg b/dashboard/static/img/alerts/arrow-right-white.svg index d16e5d04..fcebd997 100644 --- a/dashboard/static/img/alerts/arrow-right-white.svg +++ b/dashboard/static/img/alerts/arrow-right-white.svg @@ -9,4 +9,4 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/alerts/info-white.svg b/dashboard/static/img/alerts/info-white.svg index 04f87581..ffca8e9f 100644 --- a/dashboard/static/img/alerts/info-white.svg +++ b/dashboard/static/img/alerts/info-white.svg @@ -9,4 +9,4 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/alerts/notification-white.svg b/dashboard/static/img/alerts/notification-white.svg index 9526428b..911f9b2f 100644 --- a/dashboard/static/img/alerts/notification-white.svg +++ b/dashboard/static/img/alerts/notification-white.svg @@ -9,4 +9,4 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/email.svg b/dashboard/static/img/email.svg index 530a2ab6..5194d9d3 100644 --- a/dashboard/static/img/email.svg +++ b/dashboard/static/img/email.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/feedback.svg b/dashboard/static/img/feedback.svg index 884a7380..394e1b15 100644 --- a/dashboard/static/img/feedback.svg +++ b/dashboard/static/img/feedback.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/github.svg b/dashboard/static/img/github.svg index 0240f2ee..c90a1f26 100644 --- a/dashboard/static/img/github.svg +++ b/dashboard/static/img/github.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/legal.svg b/dashboard/static/img/legal.svg index 57ef7196..c95934fb 100644 --- a/dashboard/static/img/legal.svg +++ b/dashboard/static/img/legal.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/logout.svg b/dashboard/static/img/logout.svg index c9291082..28dd347e 100644 --- a/dashboard/static/img/logout.svg +++ b/dashboard/static/img/logout.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/mozilla-m.svg b/dashboard/static/img/mozilla-m.svg index dd0d8d0d..12dfe47c 100644 --- a/dashboard/static/img/mozilla-m.svg +++ b/dashboard/static/img/mozilla-m.svg @@ -1,2 +1 @@ - diff --git a/dashboard/static/img/mozilla.svg b/dashboard/static/img/mozilla.svg index c60ec66e..4f953c0d 100644 --- a/dashboard/static/img/mozilla.svg +++ b/dashboard/static/img/mozilla.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/privacy.svg b/dashboard/static/img/privacy.svg index 49477a3e..ef262dd0 100644 --- a/dashboard/static/img/privacy.svg +++ b/dashboard/static/img/privacy.svg @@ -1,2 +1 @@ - diff --git a/dashboard/static/img/request.svg b/dashboard/static/img/request.svg index 2906b48d..dcdcdc42 100644 --- a/dashboard/static/img/request.svg +++ b/dashboard/static/img/request.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/search-w.svg b/dashboard/static/img/search-w.svg index 569d3dad..ddac7176 100644 --- a/dashboard/static/img/search-w.svg +++ b/dashboard/static/img/search-w.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/search.svg b/dashboard/static/img/search.svg index 75df1ad4..9f567c3e 100644 --- a/dashboard/static/img/search.svg +++ b/dashboard/static/img/search.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/settings.svg b/dashboard/static/img/settings.svg index eda002e5..c53c9184 100644 --- a/dashboard/static/img/settings.svg +++ b/dashboard/static/img/settings.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/img/success.svg b/dashboard/static/img/success.svg index 0005c5ba..da097cd7 100644 --- a/dashboard/static/img/success.svg +++ b/dashboard/static/img/success.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/dashboard/static/lib/mui/packages/cdn/css/mui.min.css b/dashboard/static/lib/mui/packages/cdn/css/mui.min.css index 806a570b..89e4f336 100644 --- a/dashboard/static/lib/mui/packages/cdn/css/mui.min.css +++ b/dashboard/static/lib/mui/packages/cdn/css/mui.min.css @@ -1 +1 @@ -/*! normalize.css v5.0.0 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:Arial,Verdana,Tahoma;font-size:14px;font-weight:400;line-height:1.429;color:rgba(0,0,0,.87);background-color:#FFF}a{color:#2196F3;text-decoration:none}a:focus,a:hover{text-decoration:underline}a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}p{margin:0 0 10px}ol,ul{margin-top:0;margin-bottom:10px}hr{margin-top:20px;margin-bottom:20px;border:0;height:1px;background-color:rgba(0,0,0,.12)}strong{font-weight:700}abbr[title]{cursor:help;border-bottom:1px dotted #2196F3}h1,h2,h3{margin-top:20px;margin-bottom:10px}h4,h5,h6{margin-top:10px;margin-bottom:10px}.mui--appbar-height{height:56px}.mui--appbar-min-height,.mui-appbar{min-height:56px}.mui--appbar-line-height{line-height:56px}.mui--appbar-top{top:56px}@media (orientation:landscape) and (max-height:480px){.mui--appbar-height{height:48px}.mui--appbar-min-height,.mui-appbar{min-height:48px}.mui--appbar-line-height{line-height:48px}.mui--appbar-top{top:48px}}@media (min-width:480px){.mui--appbar-height{height:64px}.mui--appbar-min-height,.mui-appbar{min-height:64px}.mui--appbar-line-height{line-height:64px}.mui--appbar-top{top:64px}}.mui-appbar{background-color:#2196F3;color:#FFF}.mui-btn{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase;color:rgba(0,0,0,.87);background-color:#FFF;transition:all .2s ease-in-out;display:inline-block;height:36px;padding:0 26px;margin:6px 0;border:none;border-radius:2px;cursor:pointer;-ms-touch-action:manipulation;touch-action:manipulation;background-image:none;text-align:center;line-height:36px;vertical-align:middle;white-space:nowrap;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;font-size:14px;font-family:inherit;letter-spacing:.03em;position:relative;overflow:hidden}.mui-btn:active,.mui-btn:focus,.mui-btn:hover{color:rgba(0,0,0,.87);background-color:#fff}.mui-btn[disabled]:active,.mui-btn[disabled]:focus,.mui-btn[disabled]:hover{color:rgba(0,0,0,.87);background-color:#FFF}.mui-btn.mui-btn--flat{color:rgba(0,0,0,.87);background-color:transparent}.mui-btn.mui-btn--flat:active,.mui-btn.mui-btn--flat:focus,.mui-btn.mui-btn--flat:hover{color:rgba(0,0,0,.87);background-color:#f2f2f2}.mui-btn.mui-btn--flat[disabled]:active,.mui-btn.mui-btn--flat[disabled]:focus,.mui-btn.mui-btn--flat[disabled]:hover{color:rgba(0,0,0,.87);background-color:transparent}.mui-btn:active,.mui-btn:focus,.mui-btn:hover{outline:0;text-decoration:none;color:rgba(0,0,0,.87)}.mui-btn:focus,.mui-btn:hover{box-shadow:0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:focus,.mui-btn:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn:focus,.mui-btn:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}.mui-btn:active:hover{box-shadow:0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:active:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn:active:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}.mui-btn.mui--is-disabled,.mui-btn:disabled{cursor:not-allowed;pointer-events:none;opacity:.6;box-shadow:none}.mui-btn+.mui-btn{margin-left:8px}.mui-btn--flat{background-color:transparent}.mui-btn--flat:active,.mui-btn--flat:active:hover,.mui-btn--flat:focus,.mui-btn--flat:hover{box-shadow:none;background-color:#f2f2f2}.mui-btn--fab,.mui-btn--raised{box-shadow:0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--fab,.mui-btn--raised{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn--fab,.mui-btn--raised{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}.mui-btn--fab{position:relative;padding:0;width:55px;height:55px;line-height:55px;border-radius:50%;z-index:1}.mui-btn--primary{color:#FFF;background-color:#2196F3}.mui-btn--primary:active,.mui-btn--primary:focus,.mui-btn--primary:hover{color:#FFF;background-color:#39a1f4}.mui-btn--primary[disabled]:active,.mui-btn--primary[disabled]:focus,.mui-btn--primary[disabled]:hover{color:#FFF;background-color:#2196F3}.mui-btn--primary.mui-btn--flat{color:#2196F3;background-color:transparent}.mui-btn--primary.mui-btn--flat:active,.mui-btn--primary.mui-btn--flat:focus,.mui-btn--primary.mui-btn--flat:hover{color:#2196F3;background-color:#f2f2f2}.mui-btn--primary.mui-btn--flat[disabled]:active,.mui-btn--primary.mui-btn--flat[disabled]:focus,.mui-btn--primary.mui-btn--flat[disabled]:hover{color:#2196F3;background-color:transparent}.mui-btn--dark{color:#FFF;background-color:#424242}.mui-btn--dark:active,.mui-btn--dark:focus,.mui-btn--dark:hover{color:#FFF;background-color:#4f4f4f}.mui-btn--dark[disabled]:active,.mui-btn--dark[disabled]:focus,.mui-btn--dark[disabled]:hover{color:#FFF;background-color:#424242}.mui-btn--dark.mui-btn--flat{color:#424242;background-color:transparent}.mui-btn--dark.mui-btn--flat:active,.mui-btn--dark.mui-btn--flat:focus,.mui-btn--dark.mui-btn--flat:hover{color:#424242;background-color:#f2f2f2}.mui-btn--dark.mui-btn--flat[disabled]:active,.mui-btn--dark.mui-btn--flat[disabled]:focus,.mui-btn--dark.mui-btn--flat[disabled]:hover{color:#424242;background-color:transparent}.mui-btn--danger{color:#FFF;background-color:#F44336}.mui-btn--danger:active,.mui-btn--danger:focus,.mui-btn--danger:hover{color:#FFF;background-color:#f55a4e}.mui-btn--danger[disabled]:active,.mui-btn--danger[disabled]:focus,.mui-btn--danger[disabled]:hover{color:#FFF;background-color:#F44336}.mui-btn--danger.mui-btn--flat{color:#F44336;background-color:transparent}.mui-btn--danger.mui-btn--flat:active,.mui-btn--danger.mui-btn--flat:focus,.mui-btn--danger.mui-btn--flat:hover{color:#F44336;background-color:#f2f2f2}.mui-btn--danger.mui-btn--flat[disabled]:active,.mui-btn--danger.mui-btn--flat[disabled]:focus,.mui-btn--danger.mui-btn--flat[disabled]:hover{color:#F44336;background-color:transparent}.mui-btn--accent{color:#FFF;background-color:#FF4081}.mui-btn--accent:active,.mui-btn--accent:focus,.mui-btn--accent:hover{color:#FFF;background-color:#ff5a92}.mui-btn--accent[disabled]:active,.mui-btn--accent[disabled]:focus,.mui-btn--accent[disabled]:hover{color:#FFF;background-color:#FF4081}.mui-btn--accent.mui-btn--flat{color:#FF4081;background-color:transparent}.mui-btn--accent.mui-btn--flat:active,.mui-btn--accent.mui-btn--flat:focus,.mui-btn--accent.mui-btn--flat:hover{color:#FF4081;background-color:#f2f2f2}.mui-btn--accent.mui-btn--flat[disabled]:active,.mui-btn--accent.mui-btn--flat[disabled]:focus,.mui-btn--accent.mui-btn--flat[disabled]:hover{color:#FF4081;background-color:transparent}.mui-btn--small{height:30.6px;line-height:30.6px;padding:0 16px;font-size:13px}.mui-btn--large{height:54px;line-height:54px;padding:0 26px;font-size:14px}.mui-btn--fab.mui-btn--small{width:44px;height:44px;line-height:44px}.mui-btn--fab.mui-btn--large{width:75px;height:75px;line-height:75px}.mui-checkbox,.mui-radio{position:relative;display:block;margin-top:10px;margin-bottom:10px}.mui-checkbox>label,.mui-radio>label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.mui-checkbox input:disabled,.mui-radio input:disabled{cursor:not-allowed}.mui-checkbox input:focus,.mui-radio input:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.mui-checkbox--inline>label>input[type=checkbox],.mui-checkbox>label>input[type=checkbox],.mui-radio--inline>label>input[type=radio],.mui-radio>label>input[type=radio]{position:absolute;margin-left:-20px;margin-top:4px}.mui-checkbox+.mui-checkbox,.mui-radio+.mui-radio{margin-top:-5px}.mui-checkbox--inline,.mui-radio--inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:400;cursor:pointer}.mui-checkbox--inline>input[type=checkbox],.mui-checkbox--inline>input[type=radio],.mui-checkbox--inline>label>input[type=checkbox],.mui-checkbox--inline>label>input[type=radio],.mui-radio--inline>input[type=checkbox],.mui-radio--inline>input[type=radio],.mui-radio--inline>label>input[type=checkbox],.mui-radio--inline>label>input[type=radio]{margin:4px 0 0;line-height:normal}.mui-checkbox--inline+.mui-checkbox--inline,.mui-radio--inline+.mui-radio--inline{margin-top:0;margin-left:10px}.mui-container{box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container:after,.mui-container:before{content:" ";display:table}.mui-container:after{clear:both}@media (min-width:544px){.mui-container{max-width:570px}}@media (min-width:768px){.mui-container{max-width:740px}}@media (min-width:992px){.mui-container{max-width:960px}}@media (min-width:1200px){.mui-container{max-width:1170px}}.mui-container-fluid{box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container-fluid:after,.mui-container-fluid:before{content:" ";display:table}.mui-container-fluid:after{clear:both}.mui-divider{display:block;height:1px;background-color:rgba(0,0,0,.12)}.mui--divider-top{border-top:1px solid rgba(0,0,0,.12)}.mui--divider-bottom{border-bottom:1px solid rgba(0,0,0,.12)}.mui--divider-left{border-left:1px solid rgba(0,0,0,.12)}.mui--divider-right{border-right:1px solid rgba(0,0,0,.12)}.mui-dropdown{display:inline-block;position:relative}[data-mui-toggle=dropdown]{outline:0}.mui-dropdown__menu{position:absolute;top:100%;left:0;display:none;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;text-align:left;background-color:#FFF;border-radius:2px;z-index:1;background-clip:padding-box}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,.12);border-left:1px solid rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,.12);border-left:1px solid rgba(0,0,0,.12)}}.mui-dropdown__menu.mui--is-open{display:block}.mui-dropdown__menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.429;color:rgba(0,0,0,.87);text-decoration:none;white-space:nowrap}.mui-dropdown__menu>li>a:focus,.mui-dropdown__menu>li>a:hover{text-decoration:none;color:rgba(0,0,0,.87);background-color:#EEE}.mui-dropdown__menu>.mui--is-disabled>a,.mui-dropdown__menu>.mui--is-disabled>a:focus,.mui-dropdown__menu>.mui--is-disabled>a:hover{color:#EEE}.mui-dropdown__menu>.mui--is-disabled>a:focus,.mui-dropdown__menu>.mui--is-disabled>a:hover{text-decoration:none;background-color:transparent;background-image:none;cursor:not-allowed}.mui-dropdown__menu--right{left:auto;right:0}.mui-form legend{display:block;width:100%;padding:0;margin-bottom:10px;font-size:21px;color:rgba(0,0,0,.87);line-height:inherit;border:0}.mui-form fieldset{border:0;padding:0;margin:0 0 20px 0}@media (min-width:544px){.mui-form--inline .mui-textfield{display:inline-block;vertical-align:bottom;margin-bottom:0}.mui-form--inline .mui-checkbox,.mui-form--inline .mui-radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.mui-form--inline .mui-checkbox>label,.mui-form--inline .mui-radio>label{padding-left:0}.mui-form--inline .mui-checkbox>label>input[type=checkbox],.mui-form--inline .mui-radio>label>input[type=radio]{position:relative;margin-left:0}.mui-form--inline .mui-select{display:inline-block}.mui-form--inline .mui-btn{margin-bottom:0;margin-top:0;vertical-align:bottom}}.mui-row{margin-left:-15px;margin-right:-15px}.mui-row:after,.mui-row:before{content:" ";display:table}.mui-row:after{clear:both}.mui-col-lg-1,.mui-col-lg-10,.mui-col-lg-11,.mui-col-lg-12,.mui-col-lg-2,.mui-col-lg-3,.mui-col-lg-4,.mui-col-lg-5,.mui-col-lg-6,.mui-col-lg-7,.mui-col-lg-8,.mui-col-lg-9,.mui-col-md-1,.mui-col-md-10,.mui-col-md-11,.mui-col-md-12,.mui-col-md-2,.mui-col-md-3,.mui-col-md-4,.mui-col-md-5,.mui-col-md-6,.mui-col-md-7,.mui-col-md-8,.mui-col-md-9,.mui-col-sm-1,.mui-col-sm-10,.mui-col-sm-11,.mui-col-sm-12,.mui-col-sm-2,.mui-col-sm-3,.mui-col-sm-4,.mui-col-sm-5,.mui-col-sm-6,.mui-col-sm-7,.mui-col-sm-8,.mui-col-sm-9,.mui-col-xs-1,.mui-col-xs-10,.mui-col-xs-11,.mui-col-xs-12,.mui-col-xs-2,.mui-col-xs-3,.mui-col-xs-4,.mui-col-xs-5,.mui-col-xs-6,.mui-col-xs-7,.mui-col-xs-8,.mui-col-xs-9{box-sizing:border-box;min-height:1px;padding-left:15px;padding-right:15px}.mui-col-xs-1,.mui-col-xs-10,.mui-col-xs-11,.mui-col-xs-12,.mui-col-xs-2,.mui-col-xs-3,.mui-col-xs-4,.mui-col-xs-5,.mui-col-xs-6,.mui-col-xs-7,.mui-col-xs-8,.mui-col-xs-9{float:left}.mui-col-xs-1{width:8.33333%}.mui-col-xs-2{width:16.66667%}.mui-col-xs-3{width:25%}.mui-col-xs-4{width:33.33333%}.mui-col-xs-5{width:41.66667%}.mui-col-xs-6{width:50%}.mui-col-xs-7{width:58.33333%}.mui-col-xs-8{width:66.66667%}.mui-col-xs-9{width:75%}.mui-col-xs-10{width:83.33333%}.mui-col-xs-11{width:91.66667%}.mui-col-xs-12{width:100%}.mui-col-xs-offset-0{margin-left:0}.mui-col-xs-offset-1{margin-left:8.33333%}.mui-col-xs-offset-2{margin-left:16.66667%}.mui-col-xs-offset-3{margin-left:25%}.mui-col-xs-offset-4{margin-left:33.33333%}.mui-col-xs-offset-5{margin-left:41.66667%}.mui-col-xs-offset-6{margin-left:50%}.mui-col-xs-offset-7{margin-left:58.33333%}.mui-col-xs-offset-8{margin-left:66.66667%}.mui-col-xs-offset-9{margin-left:75%}.mui-col-xs-offset-10{margin-left:83.33333%}.mui-col-xs-offset-11{margin-left:91.66667%}.mui-col-xs-offset-12{margin-left:100%}@media (min-width:544px){.mui-col-sm-1,.mui-col-sm-10,.mui-col-sm-11,.mui-col-sm-12,.mui-col-sm-2,.mui-col-sm-3,.mui-col-sm-4,.mui-col-sm-5,.mui-col-sm-6,.mui-col-sm-7,.mui-col-sm-8,.mui-col-sm-9{float:left}.mui-col-sm-1{width:8.33333%}.mui-col-sm-2{width:16.66667%}.mui-col-sm-3{width:25%}.mui-col-sm-4{width:33.33333%}.mui-col-sm-5{width:41.66667%}.mui-col-sm-6{width:50%}.mui-col-sm-7{width:58.33333%}.mui-col-sm-8{width:66.66667%}.mui-col-sm-9{width:75%}.mui-col-sm-10{width:83.33333%}.mui-col-sm-11{width:91.66667%}.mui-col-sm-12{width:100%}.mui-col-sm-offset-0{margin-left:0}.mui-col-sm-offset-1{margin-left:8.33333%}.mui-col-sm-offset-2{margin-left:16.66667%}.mui-col-sm-offset-3{margin-left:25%}.mui-col-sm-offset-4{margin-left:33.33333%}.mui-col-sm-offset-5{margin-left:41.66667%}.mui-col-sm-offset-6{margin-left:50%}.mui-col-sm-offset-7{margin-left:58.33333%}.mui-col-sm-offset-8{margin-left:66.66667%}.mui-col-sm-offset-9{margin-left:75%}.mui-col-sm-offset-10{margin-left:83.33333%}.mui-col-sm-offset-11{margin-left:91.66667%}.mui-col-sm-offset-12{margin-left:100%}}@media (min-width:768px){.mui-col-md-1,.mui-col-md-10,.mui-col-md-11,.mui-col-md-12,.mui-col-md-2,.mui-col-md-3,.mui-col-md-4,.mui-col-md-5,.mui-col-md-6,.mui-col-md-7,.mui-col-md-8,.mui-col-md-9{float:left}.mui-col-md-1{width:8.33333%}.mui-col-md-2{width:16.66667%}.mui-col-md-3{width:25%}.mui-col-md-4{width:33.33333%}.mui-col-md-5{width:41.66667%}.mui-col-md-6{width:50%}.mui-col-md-7{width:58.33333%}.mui-col-md-8{width:66.66667%}.mui-col-md-9{width:75%}.mui-col-md-10{width:83.33333%}.mui-col-md-11{width:91.66667%}.mui-col-md-12{width:100%}.mui-col-md-offset-0{margin-left:0}.mui-col-md-offset-1{margin-left:8.33333%}.mui-col-md-offset-2{margin-left:16.66667%}.mui-col-md-offset-3{margin-left:25%}.mui-col-md-offset-4{margin-left:33.33333%}.mui-col-md-offset-5{margin-left:41.66667%}.mui-col-md-offset-6{margin-left:50%}.mui-col-md-offset-7{margin-left:58.33333%}.mui-col-md-offset-8{margin-left:66.66667%}.mui-col-md-offset-9{margin-left:75%}.mui-col-md-offset-10{margin-left:83.33333%}.mui-col-md-offset-11{margin-left:91.66667%}.mui-col-md-offset-12{margin-left:100%}}@media (min-width:992px){.mui-col-lg-1,.mui-col-lg-10,.mui-col-lg-11,.mui-col-lg-12,.mui-col-lg-2,.mui-col-lg-3,.mui-col-lg-4,.mui-col-lg-5,.mui-col-lg-6,.mui-col-lg-7,.mui-col-lg-8,.mui-col-lg-9{float:left}.mui-col-lg-1{width:8.33333%}.mui-col-lg-2{width:16.66667%}.mui-col-lg-3{width:25%}.mui-col-lg-4{width:33.33333%}.mui-col-lg-5{width:41.66667%}.mui-col-lg-6{width:50%}.mui-col-lg-7{width:58.33333%}.mui-col-lg-8{width:66.66667%}.mui-col-lg-9{width:75%}.mui-col-lg-10{width:83.33333%}.mui-col-lg-11{width:91.66667%}.mui-col-lg-12{width:100%}.mui-col-lg-offset-0{margin-left:0}.mui-col-lg-offset-1{margin-left:8.33333%}.mui-col-lg-offset-2{margin-left:16.66667%}.mui-col-lg-offset-3{margin-left:25%}.mui-col-lg-offset-4{margin-left:33.33333%}.mui-col-lg-offset-5{margin-left:41.66667%}.mui-col-lg-offset-6{margin-left:50%}.mui-col-lg-offset-7{margin-left:58.33333%}.mui-col-lg-offset-8{margin-left:66.66667%}.mui-col-lg-offset-9{margin-left:75%}.mui-col-lg-offset-10{margin-left:83.33333%}.mui-col-lg-offset-11{margin-left:91.66667%}.mui-col-lg-offset-12{margin-left:100%}}@media (min-width:1200px){.mui-col-xl-1,.mui-col-xl-10,.mui-col-xl-11,.mui-col-xl-12,.mui-col-xl-2,.mui-col-xl-3,.mui-col-xl-4,.mui-col-xl-5,.mui-col-xl-6,.mui-col-xl-7,.mui-col-xl-8,.mui-col-xl-9{float:left}.mui-col-xl-1{width:8.33333%}.mui-col-xl-2{width:16.66667%}.mui-col-xl-3{width:25%}.mui-col-xl-4{width:33.33333%}.mui-col-xl-5{width:41.66667%}.mui-col-xl-6{width:50%}.mui-col-xl-7{width:58.33333%}.mui-col-xl-8{width:66.66667%}.mui-col-xl-9{width:75%}.mui-col-xl-10{width:83.33333%}.mui-col-xl-11{width:91.66667%}.mui-col-xl-12{width:100%}.mui-col-xl-offset-0{margin-left:0}.mui-col-xl-offset-1{margin-left:8.33333%}.mui-col-xl-offset-2{margin-left:16.66667%}.mui-col-xl-offset-3{margin-left:25%}.mui-col-xl-offset-4{margin-left:33.33333%}.mui-col-xl-offset-5{margin-left:41.66667%}.mui-col-xl-offset-6{margin-left:50%}.mui-col-xl-offset-7{margin-left:58.33333%}.mui-col-xl-offset-8{margin-left:66.66667%}.mui-col-xl-offset-9{margin-left:75%}.mui-col-xl-offset-10{margin-left:83.33333%}.mui-col-xl-offset-11{margin-left:91.66667%}.mui-col-xl-offset-12{margin-left:100%}}.mui-panel{padding:15px;margin-bottom:20px;border-radius:0;background-color:#FFF;box-shadow:0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}.mui-panel:after,.mui-panel:before{content:" ";display:table}.mui-panel:after{clear:both}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-panel{box-shadow:0 -1px 2px 0 rgba(0,0,0,.12),-1px 0 2px 0 rgba(0,0,0,.12),0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-panel{box-shadow:0 -1px 2px 0 rgba(0,0,0,.12),-1px 0 2px 0 rgba(0,0,0,.12),0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}}.mui-select{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-select:focus{outline:0}.mui-select:focus>select{height:33px;margin-bottom:-1px;border-color:#2196F3;border-width:2px}.mui-select>select{display:block;height:32px;width:100%;appearance:none;-webkit-appearance:none;-moz-appearance:none;outline:0;border:none;border-bottom:1px solid rgba(0,0,0,.26);border-radius:0;box-shadow:none;background-color:transparent;background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNiIgd2lkdGg9IjEwIj48cG9seWdvbiBwb2ludHM9IjAsMCAxMCwwIDUsNiIgc3R5bGU9ImZpbGw6cmdiYSgwLDAsMCwuMjQpOyIvPjwvc3ZnPg==);background-repeat:no-repeat;background-position:right center;cursor:pointer;color:rgba(0,0,0,.87);font-size:16px;font-family:inherit;line-height:inherit;padding:0 25px 0 0}.mui-select>select::-ms-expand{display:none}.mui-select>select:focus{outline:0;height:33px;margin-bottom:-1px;border-color:#2196F3;border-width:2px}.mui-select>select:disabled{color:rgba(0,0,0,.38);cursor:not-allowed;background-color:transparent;opacity:1}.mui-select>select:-moz-focusring{color:transparent;text-shadow:0 0 0 #000}.mui-select>select:focus::-ms-value{background:0 0;color:rgba(0,0,0,.87)}.mui-select>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-select:focus>label,.mui-select>select:focus~label{color:#2196F3}.mui-select__menu{position:absolute;z-index:2;min-width:100%;overflow-y:auto;padding:8px 0;background-color:#FFF;font-size:16px}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-select__menu{border-left:1px solid rgba(0,0,0,.12);border-top:1px solid rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-select__menu{border-left:1px solid rgba(0,0,0,.12);border-top:1px solid rgba(0,0,0,.12)}}.mui-select__menu>div{padding:0 22px;height:42px;line-height:42px;cursor:pointer;white-space:nowrap}.mui-select__menu>div.mui--is-selected{background-color:#EEE}.mui-select__menu>div.mui--is-disabled{color:rgba(0,0,0,.38);cursor:not-allowed}.mui-select__menu>div:not(.mui-optgroup__label):not(.mui--is-disabled):hover{background-color:#E0E0E0}.mui-optgroup__option{text-indent:1em}.mui-optgroup__label{color:rgba(0,0,0,.54);font-size:.9em}.mui-table{width:100%;max-width:100%;margin-bottom:20px}.mui-table>tbody>tr>th,.mui-table>tfoot>tr>th,.mui-table>thead>tr>th{text-align:left}.mui-table>tbody>tr>td,.mui-table>tbody>tr>th,.mui-table>tfoot>tr>td,.mui-table>tfoot>tr>th,.mui-table>thead>tr>td,.mui-table>thead>tr>th{padding:10px;line-height:1.429}.mui-table>thead>tr>th{border-bottom:2px solid rgba(0,0,0,.12);font-weight:700}.mui-table>tbody+tbody{border-top:2px solid rgba(0,0,0,.12)}.mui-table.mui-table--bordered>tbody>tr>td{border-bottom:1px solid rgba(0,0,0,.12)}.mui-tabs__bar{list-style:none;padding-left:0;margin-bottom:0;background-color:transparent;white-space:nowrap;overflow-x:auto}.mui-tabs__bar>li{display:inline-block}.mui-tabs__bar>li>a{display:block;white-space:nowrap;text-transform:uppercase;font-weight:500;font-size:14px;color:rgba(0,0,0,.87);cursor:default;height:48px;line-height:48px;padding-left:24px;padding-right:24px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-tabs__bar>li>a:hover{text-decoration:none}.mui-tabs__bar>li.mui--is-active{border-bottom:2px solid #2196F3}.mui-tabs__bar>li.mui--is-active>a{color:#2196F3}.mui-tabs__bar.mui-tabs__bar--justified{display:table;width:100%;table-layout:fixed}.mui-tabs__bar.mui-tabs__bar--justified>li{display:table-cell}.mui-tabs__bar.mui-tabs__bar--justified>li>a{text-align:center;padding-left:0;padding-right:0}.mui-tabs__pane{display:none}.mui-tabs__pane.mui--is-active{display:block}.mui-textfield{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-textfield>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-textfield>textarea{padding-top:5px}.mui-textfield>input:focus~label,.mui-textfield>textarea:focus~label{color:#2196F3}.mui-textfield--float-label>label{position:absolute;transform:translate(0,15px);font-size:16px;line-height:32px;color:rgba(0,0,0,.26);text-overflow:clip;cursor:text;pointer-events:none}.mui-textfield--float-label>input:focus~label,.mui-textfield--float-label>textarea:focus~label{transform:translate(0,0);font-size:12px;line-height:15px;text-overflow:ellipsis}.mui-textfield--float-label>input:not(:focus).mui--is-not-empty~label,.mui-textfield--float-label>input:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>input:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>textarea:not(:focus).mui--is-not-empty~label,.mui-textfield--float-label>textarea:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>textarea:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label{color:rgba(0,0,0,.54);font-size:12px;line-height:15px;transform:translate(0,0);text-overflow:ellipsis}.mui-textfield--wrap-label{display:table;width:100%;padding-top:0}.mui-textfield--wrap-label:not(.mui-textfield--float-label)>label{display:table-header-group;position:static;white-space:normal;overflow-x:visible}.mui-textfield>input,.mui-textfield>textarea{box-sizing:border-box;display:block;background-color:transparent;color:rgba(0,0,0,.87);border:none;border-bottom:1px solid rgba(0,0,0,.26);outline:0;width:100%;padding:0;box-shadow:none;border-radius:0;font-size:16px;font-family:inherit;line-height:inherit;background-image:none}.mui-textfield>input:focus,.mui-textfield>textarea:focus{border-color:#2196F3;border-width:2px}.mui-textfield>input:-moz-read-only,.mui-textfield>input:disabled,.mui-textfield>textarea:-moz-read-only,.mui-textfield>textarea:disabled{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input:disabled,.mui-textfield>input:read-only,.mui-textfield>textarea:disabled,.mui-textfield>textarea:read-only{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input::-webkit-input-placeholder,.mui-textfield>textarea::-webkit-input-placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input:-ms-input-placeholder,.mui-textfield>textarea:-ms-input-placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input::placeholder,.mui-textfield>textarea::placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input{height:32px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>textarea{min-height:64px}.mui-textfield>textarea[rows]:not([rows="2"]):focus{margin-bottom:-1px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>input:invalid:not(:focus):not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):not(:required),.mui-textfield>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:not(:required),.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>textarea:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty){border-color:#F44336;border-width:2px}.mui-textfield>input:invalid:not(:focus):not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty){height:33px;margin-bottom:-1px}.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):not(:required)~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):not(:required)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label{color:#F44336}.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):not(:required)~label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched~label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):not(:required)~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-not-empty~label{color:#F44336}.mui-textfield.mui-textfield--float-label>.mui--is-invalid.mui--is-not-empty:not(:focus)~label{color:#F44336}.mui-textfield:not(.mui-textfield--float-label)>.mui--is-invalid:not(:focus)~label{color:#F44336}.mui--no-transition{transition:none!important}.mui--no-user-select{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid transparent}.mui--text-left{text-align:left!important}.mui--text-right{text-align:right!important}.mui--text-center{text-align:center!important}.mui--text-justify{text-align:justify!important}.mui--text-nowrap{white-space:nowrap!important}.mui--align-baseline{vertical-align:baseline!important}.mui--align-top{vertical-align:top!important}.mui--align-middle{vertical-align:middle!important}.mui--align-bottom{vertical-align:bottom!important}.mui--text-dark{color:rgba(0,0,0,.87)}.mui--text-dark-secondary{color:rgba(0,0,0,.54)}.mui--text-dark-hint{color:rgba(0,0,0,.38)}.mui--text-light{color:#FFF}.mui--text-light-secondary{color:rgba(255,255,255,.7)}.mui--text-light-hint{color:rgba(255,255,255,.3)}.mui--text-accent{color:rgba(255,64,129,.87)}.mui--text-accent-secondary{color:rgba(255,64,129,.54)}.mui--text-accent-hint{color:rgba(255,64,129,.38)}.mui--text-black{color:#000}.mui--text-white{color:#FFF}.mui--text-danger{color:#F44336}.mui--bg-primary{background-color:#2196F3}.mui--bg-primary-dark{background-color:#1976D2}.mui--bg-primary-light{background-color:#BBDEFB}.mui--bg-accent{background-color:#FF4081}.mui--bg-accent-dark{background-color:#F50057}.mui--bg-accent-light{background-color:#FF80AB}.mui--bg-danger{background-color:#F44336}.mui-list--unstyled{padding-left:0;list-style:none}.mui-list--inline{padding-left:0;list-style:none;margin-left:-5px}.mui-list--inline>li{display:inline-block;padding-left:5px;padding-right:5px}.mui--z1,.mui-dropdown__menu,.mui-select__menu{box-shadow:0 1px 3px rgba(0,0,0,.12),0 1px 2px rgba(0,0,0,.24)}.mui--z2{box-shadow:0 3px 6px rgba(0,0,0,.16),0 3px 6px rgba(0,0,0,.23)}.mui--z3{box-shadow:0 10px 20px rgba(0,0,0,.19),0 6px 6px rgba(0,0,0,.23)}.mui--z4{box-shadow:0 14px 28px rgba(0,0,0,.25),0 10px 10px rgba(0,0,0,.22)}.mui--z5{box-shadow:0 19px 38px rgba(0,0,0,.3),0 15px 12px rgba(0,0,0,.22)}.mui--clearfix:after,.mui--clearfix:before{content:" ";display:table}.mui--clearfix:after{clear:both}.mui--pull-right{float:right!important}.mui--pull-left{float:left!important}.mui--hide{display:none!important}.mui--show{display:block!important}.mui--invisible{visibility:hidden}.mui--overflow-hidden{overflow:hidden!important}.mui--overflow-hidden-x{overflow-x:hidden!important}.mui--overflow-hidden-y{overflow-y:hidden!important}.mui--visible-lg-block,.mui--visible-lg-inline,.mui--visible-lg-inline-block,.mui--visible-md-block,.mui--visible-md-inline,.mui--visible-md-inline-block,.mui--visible-sm-block,.mui--visible-sm-inline,.mui--visible-sm-inline-block,.mui--visible-xl-block,.mui--visible-xl-inline,.mui--visible-xl-inline-block,.mui--visible-xs-block,.mui--visible-xs-inline,.mui--visible-xs-inline-block{display:none!important}@media (max-width:543px){.mui-visible-xs{display:block!important}table.mui-visible-xs{display:table}tr.mui-visible-xs{display:table-row!important}td.mui-visible-xs,th.mui-visible-xs{display:table-cell!important}.mui--visible-xs-block{display:block!important}.mui--visible-xs-inline{display:inline!important}.mui--visible-xs-inline-block{display:inline-block!important}}@media (min-width:544px) and (max-width:767px){.mui-visible-sm{display:block!important}table.mui-visible-sm{display:table}tr.mui-visible-sm{display:table-row!important}td.mui-visible-sm,th.mui-visible-sm{display:table-cell!important}.mui--visible-sm-block{display:block!important}.mui--visible-sm-inline{display:inline!important}.mui--visible-sm-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.mui-visible-md{display:block!important}table.mui-visible-md{display:table}tr.mui-visible-md{display:table-row!important}td.mui-visible-md,th.mui-visible-md{display:table-cell!important}.mui--visible-md-block{display:block!important}.mui--visible-md-inline{display:inline!important}.mui--visible-md-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.mui-visible-lg{display:block!important}table.mui-visible-lg{display:table}tr.mui-visible-lg{display:table-row!important}td.mui-visible-lg,th.mui-visible-lg{display:table-cell!important}.mui--visible-lg-block{display:block!important}.mui--visible-lg-inline{display:inline!important}.mui--visible-lg-inline-block{display:inline-block!important}}@media (min-width:1200px){.mui-visible-xl{display:block!important}table.mui-visible-xl{display:table}tr.mui-visible-xl{display:table-row!important}td.mui-visible-xl,th.mui-visible-xl{display:table-cell!important}.mui--visible-xl-block{display:block!important}.mui--visible-xl-inline{display:inline!important}.mui--visible-xl-inline-block{display:inline-block!important}}@media (max-width:543px){.mui--hidden-xs{display:none!important}}@media (min-width:544px) and (max-width:767px){.mui--hidden-sm{display:none!important}}@media (min-width:768px) and (max-width:991px){.mui--hidden-md{display:none!important}}@media (min-width:992px) and (max-width:1199px){.mui--hidden-lg{display:none!important}}@media (min-width:1200px){.mui--hidden-xl{display:none!important}}.mui-scrlock--showbar-y{overflow-y:scroll!important}.mui-scrlock--showbar-x{overflow-x:scroll!important}#mui-overlay{position:fixed;top:0;right:0;bottom:0;left:0;z-index:99999999;background-color:rgba(0,0,0,.2);overflow:auto}.mui-btn__ripple-container{position:absolute;top:0;left:0;display:block;height:100%;width:100%;overflow:hidden;z-index:0;pointer-events:none}.mui-ripple{position:absolute;top:0;left:0;border-radius:50%;opacity:0;pointer-events:none;transform:scale(.0001,.0001)}.mui-ripple.mui--is-animating{transform:none;transition:transform .3s cubic-bezier(0,0,.2,1),width .3s cubic-bezier(0,0,.2,1),height .3s cubic-bezier(0,0,.2,1),opacity .3s cubic-bezier(0,0,.2,1)}.mui-ripple.mui--is-visible{opacity:.3}.mui-btn .mui-ripple{background-color:#a6a6a6}.mui-btn--primary .mui-ripple{background-color:#FFF}.mui-btn--dark .mui-ripple{background-color:#FFF}.mui-btn--danger .mui-ripple{background-color:#FFF}.mui-btn--accent .mui-ripple{background-color:#FFF}.mui-btn--flat .mui-ripple{background-color:#a6a6a6}.mui--text-display4{font-weight:300;font-size:112px;line-height:112px}.mui--text-display3{font-weight:400;font-size:56px;line-height:56px}.mui--text-display2{font-weight:400;font-size:45px;line-height:48px}.mui--text-display1,h1{font-weight:400;font-size:34px;line-height:40px}.mui--text-headline,h2{font-weight:400;font-size:24px;line-height:32px}.mui--text-title,h3{font-weight:400;font-size:20px;line-height:28px}.mui--text-subhead,h4{font-weight:400;font-size:16px;line-height:24px}.mui--text-body2,h5{font-weight:500;font-size:14px;line-height:24px}.mui--text-body1{font-weight:400;font-size:14px;line-height:20px}.mui--text-caption{font-weight:400;font-size:12px;line-height:16px}.mui--text-menu{font-weight:500;font-size:13px;line-height:17px}.mui--text-button{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase} \ No newline at end of file +/*! normalize.css v5.0.0 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{display:inline-block;vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:Arial,Verdana,Tahoma;font-size:14px;font-weight:400;line-height:1.429;color:rgba(0,0,0,.87);background-color:#FFF}a{color:#2196F3;text-decoration:none}a:focus,a:hover{text-decoration:underline}a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}p{margin:0 0 10px}ol,ul{margin-top:0;margin-bottom:10px}hr{margin-top:20px;margin-bottom:20px;border:0;height:1px;background-color:rgba(0,0,0,.12)}strong{font-weight:700}abbr[title]{cursor:help;border-bottom:1px dotted #2196F3}h1,h2,h3{margin-top:20px;margin-bottom:10px}h4,h5,h6{margin-top:10px;margin-bottom:10px}.mui--appbar-height{height:56px}.mui--appbar-min-height,.mui-appbar{min-height:56px}.mui--appbar-line-height{line-height:56px}.mui--appbar-top{top:56px}@media (orientation:landscape) and (max-height:480px){.mui--appbar-height{height:48px}.mui--appbar-min-height,.mui-appbar{min-height:48px}.mui--appbar-line-height{line-height:48px}.mui--appbar-top{top:48px}}@media (min-width:480px){.mui--appbar-height{height:64px}.mui--appbar-min-height,.mui-appbar{min-height:64px}.mui--appbar-line-height{line-height:64px}.mui--appbar-top{top:64px}}.mui-appbar{background-color:#2196F3;color:#FFF}.mui-btn{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase;color:rgba(0,0,0,.87);background-color:#FFF;transition:all .2s ease-in-out;display:inline-block;height:36px;padding:0 26px;margin:6px 0;border:none;border-radius:2px;cursor:pointer;-ms-touch-action:manipulation;touch-action:manipulation;background-image:none;text-align:center;line-height:36px;vertical-align:middle;white-space:nowrap;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;font-size:14px;font-family:inherit;letter-spacing:.03em;position:relative;overflow:hidden}.mui-btn:active,.mui-btn:focus,.mui-btn:hover{color:rgba(0,0,0,.87);background-color:#fff}.mui-btn[disabled]:active,.mui-btn[disabled]:focus,.mui-btn[disabled]:hover{color:rgba(0,0,0,.87);background-color:#FFF}.mui-btn.mui-btn--flat{color:rgba(0,0,0,.87);background-color:transparent}.mui-btn.mui-btn--flat:active,.mui-btn.mui-btn--flat:focus,.mui-btn.mui-btn--flat:hover{color:rgba(0,0,0,.87);background-color:#f2f2f2}.mui-btn.mui-btn--flat[disabled]:active,.mui-btn.mui-btn--flat[disabled]:focus,.mui-btn.mui-btn--flat[disabled]:hover{color:rgba(0,0,0,.87);background-color:transparent}.mui-btn:active,.mui-btn:focus,.mui-btn:hover{outline:0;text-decoration:none;color:rgba(0,0,0,.87)}.mui-btn:focus,.mui-btn:hover{box-shadow:0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:focus,.mui-btn:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn:focus,.mui-btn:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}.mui-btn:active:hover{box-shadow:0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn:active:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn:active:hover{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}.mui-btn.mui--is-disabled,.mui-btn:disabled{cursor:not-allowed;pointer-events:none;opacity:.6;box-shadow:none}.mui-btn+.mui-btn{margin-left:8px}.mui-btn--flat{background-color:transparent}.mui-btn--flat:active,.mui-btn--flat:active:hover,.mui-btn--flat:focus,.mui-btn--flat:hover{box-shadow:none;background-color:#f2f2f2}.mui-btn--fab,.mui-btn--raised{box-shadow:0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--fab,.mui-btn--raised{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn--fab,.mui-btn--raised{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 2px rgba(0,0,0,.12),0 2px 2px rgba(0,0,0,.2)}}.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}@supports (-ms-ime-align:auto){.mui-btn--fab:active,.mui-btn--raised:active{box-shadow:0 -1px 2px rgba(0,0,0,.12),-1px 0 2px rgba(0,0,0,.12),0 0 4px rgba(0,0,0,.12),1px 3px 4px rgba(0,0,0,.2)}}.mui-btn--fab{position:relative;padding:0;width:55px;height:55px;line-height:55px;border-radius:50%;z-index:1}.mui-btn--primary{color:#FFF;background-color:#2196F3}.mui-btn--primary:active,.mui-btn--primary:focus,.mui-btn--primary:hover{color:#FFF;background-color:#39a1f4}.mui-btn--primary[disabled]:active,.mui-btn--primary[disabled]:focus,.mui-btn--primary[disabled]:hover{color:#FFF;background-color:#2196F3}.mui-btn--primary.mui-btn--flat{color:#2196F3;background-color:transparent}.mui-btn--primary.mui-btn--flat:active,.mui-btn--primary.mui-btn--flat:focus,.mui-btn--primary.mui-btn--flat:hover{color:#2196F3;background-color:#f2f2f2}.mui-btn--primary.mui-btn--flat[disabled]:active,.mui-btn--primary.mui-btn--flat[disabled]:focus,.mui-btn--primary.mui-btn--flat[disabled]:hover{color:#2196F3;background-color:transparent}.mui-btn--dark{color:#FFF;background-color:#424242}.mui-btn--dark:active,.mui-btn--dark:focus,.mui-btn--dark:hover{color:#FFF;background-color:#4f4f4f}.mui-btn--dark[disabled]:active,.mui-btn--dark[disabled]:focus,.mui-btn--dark[disabled]:hover{color:#FFF;background-color:#424242}.mui-btn--dark.mui-btn--flat{color:#424242;background-color:transparent}.mui-btn--dark.mui-btn--flat:active,.mui-btn--dark.mui-btn--flat:focus,.mui-btn--dark.mui-btn--flat:hover{color:#424242;background-color:#f2f2f2}.mui-btn--dark.mui-btn--flat[disabled]:active,.mui-btn--dark.mui-btn--flat[disabled]:focus,.mui-btn--dark.mui-btn--flat[disabled]:hover{color:#424242;background-color:transparent}.mui-btn--danger{color:#FFF;background-color:#F44336}.mui-btn--danger:active,.mui-btn--danger:focus,.mui-btn--danger:hover{color:#FFF;background-color:#f55a4e}.mui-btn--danger[disabled]:active,.mui-btn--danger[disabled]:focus,.mui-btn--danger[disabled]:hover{color:#FFF;background-color:#F44336}.mui-btn--danger.mui-btn--flat{color:#F44336;background-color:transparent}.mui-btn--danger.mui-btn--flat:active,.mui-btn--danger.mui-btn--flat:focus,.mui-btn--danger.mui-btn--flat:hover{color:#F44336;background-color:#f2f2f2}.mui-btn--danger.mui-btn--flat[disabled]:active,.mui-btn--danger.mui-btn--flat[disabled]:focus,.mui-btn--danger.mui-btn--flat[disabled]:hover{color:#F44336;background-color:transparent}.mui-btn--accent{color:#FFF;background-color:#FF4081}.mui-btn--accent:active,.mui-btn--accent:focus,.mui-btn--accent:hover{color:#FFF;background-color:#ff5a92}.mui-btn--accent[disabled]:active,.mui-btn--accent[disabled]:focus,.mui-btn--accent[disabled]:hover{color:#FFF;background-color:#FF4081}.mui-btn--accent.mui-btn--flat{color:#FF4081;background-color:transparent}.mui-btn--accent.mui-btn--flat:active,.mui-btn--accent.mui-btn--flat:focus,.mui-btn--accent.mui-btn--flat:hover{color:#FF4081;background-color:#f2f2f2}.mui-btn--accent.mui-btn--flat[disabled]:active,.mui-btn--accent.mui-btn--flat[disabled]:focus,.mui-btn--accent.mui-btn--flat[disabled]:hover{color:#FF4081;background-color:transparent}.mui-btn--small{height:30.6px;line-height:30.6px;padding:0 16px;font-size:13px}.mui-btn--large{height:54px;line-height:54px;padding:0 26px;font-size:14px}.mui-btn--fab.mui-btn--small{width:44px;height:44px;line-height:44px}.mui-btn--fab.mui-btn--large{width:75px;height:75px;line-height:75px}.mui-checkbox,.mui-radio{position:relative;display:block;margin-top:10px;margin-bottom:10px}.mui-checkbox>label,.mui-radio>label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.mui-checkbox input:disabled,.mui-radio input:disabled{cursor:not-allowed}.mui-checkbox input:focus,.mui-radio input:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.mui-checkbox--inline>label>input[type=checkbox],.mui-checkbox>label>input[type=checkbox],.mui-radio--inline>label>input[type=radio],.mui-radio>label>input[type=radio]{position:absolute;margin-left:-20px;margin-top:4px}.mui-checkbox+.mui-checkbox,.mui-radio+.mui-radio{margin-top:-5px}.mui-checkbox--inline,.mui-radio--inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:400;cursor:pointer}.mui-checkbox--inline>input[type=checkbox],.mui-checkbox--inline>input[type=radio],.mui-checkbox--inline>label>input[type=checkbox],.mui-checkbox--inline>label>input[type=radio],.mui-radio--inline>input[type=checkbox],.mui-radio--inline>input[type=radio],.mui-radio--inline>label>input[type=checkbox],.mui-radio--inline>label>input[type=radio]{margin:4px 0 0;line-height:normal}.mui-checkbox--inline+.mui-checkbox--inline,.mui-radio--inline+.mui-radio--inline{margin-top:0;margin-left:10px}.mui-container{box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container:after,.mui-container:before{content:" ";display:table}.mui-container:after{clear:both}@media (min-width:544px){.mui-container{max-width:570px}}@media (min-width:768px){.mui-container{max-width:740px}}@media (min-width:992px){.mui-container{max-width:960px}}@media (min-width:1200px){.mui-container{max-width:1170px}}.mui-container-fluid{box-sizing:border-box;margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.mui-container-fluid:after,.mui-container-fluid:before{content:" ";display:table}.mui-container-fluid:after{clear:both}.mui-divider{display:block;height:1px;background-color:rgba(0,0,0,.12)}.mui--divider-top{border-top:1px solid rgba(0,0,0,.12)}.mui--divider-bottom{border-bottom:1px solid rgba(0,0,0,.12)}.mui--divider-left{border-left:1px solid rgba(0,0,0,.12)}.mui--divider-right{border-right:1px solid rgba(0,0,0,.12)}.mui-dropdown{display:inline-block;position:relative}[data-mui-toggle=dropdown]{outline:0}.mui-dropdown__menu{position:absolute;top:100%;left:0;display:none;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;text-align:left;background-color:#FFF;border-radius:2px;z-index:1;background-clip:padding-box}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,.12);border-left:1px solid rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-dropdown__menu{border-top:1px solid rgba(0,0,0,.12);border-left:1px solid rgba(0,0,0,.12)}}.mui-dropdown__menu.mui--is-open{display:block}.mui-dropdown__menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.429;color:rgba(0,0,0,.87);text-decoration:none;white-space:nowrap}.mui-dropdown__menu>li>a:focus,.mui-dropdown__menu>li>a:hover{text-decoration:none;color:rgba(0,0,0,.87);background-color:#EEE}.mui-dropdown__menu>.mui--is-disabled>a,.mui-dropdown__menu>.mui--is-disabled>a:focus,.mui-dropdown__menu>.mui--is-disabled>a:hover{color:#EEE}.mui-dropdown__menu>.mui--is-disabled>a:focus,.mui-dropdown__menu>.mui--is-disabled>a:hover{text-decoration:none;background-color:transparent;background-image:none;cursor:not-allowed}.mui-dropdown__menu--right{left:auto;right:0}.mui-form legend{display:block;width:100%;padding:0;margin-bottom:10px;font-size:21px;color:rgba(0,0,0,.87);line-height:inherit;border:0}.mui-form fieldset{border:0;padding:0;margin:0 0 20px 0}@media (min-width:544px){.mui-form--inline .mui-textfield{display:inline-block;vertical-align:bottom;margin-bottom:0}.mui-form--inline .mui-checkbox,.mui-form--inline .mui-radio{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.mui-form--inline .mui-checkbox>label,.mui-form--inline .mui-radio>label{padding-left:0}.mui-form--inline .mui-checkbox>label>input[type=checkbox],.mui-form--inline .mui-radio>label>input[type=radio]{position:relative;margin-left:0}.mui-form--inline .mui-select{display:inline-block}.mui-form--inline .mui-btn{margin-bottom:0;margin-top:0;vertical-align:bottom}}.mui-row{margin-left:-15px;margin-right:-15px}.mui-row:after,.mui-row:before{content:" ";display:table}.mui-row:after{clear:both}.mui-col-lg-1,.mui-col-lg-10,.mui-col-lg-11,.mui-col-lg-12,.mui-col-lg-2,.mui-col-lg-3,.mui-col-lg-4,.mui-col-lg-5,.mui-col-lg-6,.mui-col-lg-7,.mui-col-lg-8,.mui-col-lg-9,.mui-col-md-1,.mui-col-md-10,.mui-col-md-11,.mui-col-md-12,.mui-col-md-2,.mui-col-md-3,.mui-col-md-4,.mui-col-md-5,.mui-col-md-6,.mui-col-md-7,.mui-col-md-8,.mui-col-md-9,.mui-col-sm-1,.mui-col-sm-10,.mui-col-sm-11,.mui-col-sm-12,.mui-col-sm-2,.mui-col-sm-3,.mui-col-sm-4,.mui-col-sm-5,.mui-col-sm-6,.mui-col-sm-7,.mui-col-sm-8,.mui-col-sm-9,.mui-col-xs-1,.mui-col-xs-10,.mui-col-xs-11,.mui-col-xs-12,.mui-col-xs-2,.mui-col-xs-3,.mui-col-xs-4,.mui-col-xs-5,.mui-col-xs-6,.mui-col-xs-7,.mui-col-xs-8,.mui-col-xs-9{box-sizing:border-box;min-height:1px;padding-left:15px;padding-right:15px}.mui-col-xs-1,.mui-col-xs-10,.mui-col-xs-11,.mui-col-xs-12,.mui-col-xs-2,.mui-col-xs-3,.mui-col-xs-4,.mui-col-xs-5,.mui-col-xs-6,.mui-col-xs-7,.mui-col-xs-8,.mui-col-xs-9{float:left}.mui-col-xs-1{width:8.33333%}.mui-col-xs-2{width:16.66667%}.mui-col-xs-3{width:25%}.mui-col-xs-4{width:33.33333%}.mui-col-xs-5{width:41.66667%}.mui-col-xs-6{width:50%}.mui-col-xs-7{width:58.33333%}.mui-col-xs-8{width:66.66667%}.mui-col-xs-9{width:75%}.mui-col-xs-10{width:83.33333%}.mui-col-xs-11{width:91.66667%}.mui-col-xs-12{width:100%}.mui-col-xs-offset-0{margin-left:0}.mui-col-xs-offset-1{margin-left:8.33333%}.mui-col-xs-offset-2{margin-left:16.66667%}.mui-col-xs-offset-3{margin-left:25%}.mui-col-xs-offset-4{margin-left:33.33333%}.mui-col-xs-offset-5{margin-left:41.66667%}.mui-col-xs-offset-6{margin-left:50%}.mui-col-xs-offset-7{margin-left:58.33333%}.mui-col-xs-offset-8{margin-left:66.66667%}.mui-col-xs-offset-9{margin-left:75%}.mui-col-xs-offset-10{margin-left:83.33333%}.mui-col-xs-offset-11{margin-left:91.66667%}.mui-col-xs-offset-12{margin-left:100%}@media (min-width:544px){.mui-col-sm-1,.mui-col-sm-10,.mui-col-sm-11,.mui-col-sm-12,.mui-col-sm-2,.mui-col-sm-3,.mui-col-sm-4,.mui-col-sm-5,.mui-col-sm-6,.mui-col-sm-7,.mui-col-sm-8,.mui-col-sm-9{float:left}.mui-col-sm-1{width:8.33333%}.mui-col-sm-2{width:16.66667%}.mui-col-sm-3{width:25%}.mui-col-sm-4{width:33.33333%}.mui-col-sm-5{width:41.66667%}.mui-col-sm-6{width:50%}.mui-col-sm-7{width:58.33333%}.mui-col-sm-8{width:66.66667%}.mui-col-sm-9{width:75%}.mui-col-sm-10{width:83.33333%}.mui-col-sm-11{width:91.66667%}.mui-col-sm-12{width:100%}.mui-col-sm-offset-0{margin-left:0}.mui-col-sm-offset-1{margin-left:8.33333%}.mui-col-sm-offset-2{margin-left:16.66667%}.mui-col-sm-offset-3{margin-left:25%}.mui-col-sm-offset-4{margin-left:33.33333%}.mui-col-sm-offset-5{margin-left:41.66667%}.mui-col-sm-offset-6{margin-left:50%}.mui-col-sm-offset-7{margin-left:58.33333%}.mui-col-sm-offset-8{margin-left:66.66667%}.mui-col-sm-offset-9{margin-left:75%}.mui-col-sm-offset-10{margin-left:83.33333%}.mui-col-sm-offset-11{margin-left:91.66667%}.mui-col-sm-offset-12{margin-left:100%}}@media (min-width:768px){.mui-col-md-1,.mui-col-md-10,.mui-col-md-11,.mui-col-md-12,.mui-col-md-2,.mui-col-md-3,.mui-col-md-4,.mui-col-md-5,.mui-col-md-6,.mui-col-md-7,.mui-col-md-8,.mui-col-md-9{float:left}.mui-col-md-1{width:8.33333%}.mui-col-md-2{width:16.66667%}.mui-col-md-3{width:25%}.mui-col-md-4{width:33.33333%}.mui-col-md-5{width:41.66667%}.mui-col-md-6{width:50%}.mui-col-md-7{width:58.33333%}.mui-col-md-8{width:66.66667%}.mui-col-md-9{width:75%}.mui-col-md-10{width:83.33333%}.mui-col-md-11{width:91.66667%}.mui-col-md-12{width:100%}.mui-col-md-offset-0{margin-left:0}.mui-col-md-offset-1{margin-left:8.33333%}.mui-col-md-offset-2{margin-left:16.66667%}.mui-col-md-offset-3{margin-left:25%}.mui-col-md-offset-4{margin-left:33.33333%}.mui-col-md-offset-5{margin-left:41.66667%}.mui-col-md-offset-6{margin-left:50%}.mui-col-md-offset-7{margin-left:58.33333%}.mui-col-md-offset-8{margin-left:66.66667%}.mui-col-md-offset-9{margin-left:75%}.mui-col-md-offset-10{margin-left:83.33333%}.mui-col-md-offset-11{margin-left:91.66667%}.mui-col-md-offset-12{margin-left:100%}}@media (min-width:992px){.mui-col-lg-1,.mui-col-lg-10,.mui-col-lg-11,.mui-col-lg-12,.mui-col-lg-2,.mui-col-lg-3,.mui-col-lg-4,.mui-col-lg-5,.mui-col-lg-6,.mui-col-lg-7,.mui-col-lg-8,.mui-col-lg-9{float:left}.mui-col-lg-1{width:8.33333%}.mui-col-lg-2{width:16.66667%}.mui-col-lg-3{width:25%}.mui-col-lg-4{width:33.33333%}.mui-col-lg-5{width:41.66667%}.mui-col-lg-6{width:50%}.mui-col-lg-7{width:58.33333%}.mui-col-lg-8{width:66.66667%}.mui-col-lg-9{width:75%}.mui-col-lg-10{width:83.33333%}.mui-col-lg-11{width:91.66667%}.mui-col-lg-12{width:100%}.mui-col-lg-offset-0{margin-left:0}.mui-col-lg-offset-1{margin-left:8.33333%}.mui-col-lg-offset-2{margin-left:16.66667%}.mui-col-lg-offset-3{margin-left:25%}.mui-col-lg-offset-4{margin-left:33.33333%}.mui-col-lg-offset-5{margin-left:41.66667%}.mui-col-lg-offset-6{margin-left:50%}.mui-col-lg-offset-7{margin-left:58.33333%}.mui-col-lg-offset-8{margin-left:66.66667%}.mui-col-lg-offset-9{margin-left:75%}.mui-col-lg-offset-10{margin-left:83.33333%}.mui-col-lg-offset-11{margin-left:91.66667%}.mui-col-lg-offset-12{margin-left:100%}}@media (min-width:1200px){.mui-col-xl-1,.mui-col-xl-10,.mui-col-xl-11,.mui-col-xl-12,.mui-col-xl-2,.mui-col-xl-3,.mui-col-xl-4,.mui-col-xl-5,.mui-col-xl-6,.mui-col-xl-7,.mui-col-xl-8,.mui-col-xl-9{float:left}.mui-col-xl-1{width:8.33333%}.mui-col-xl-2{width:16.66667%}.mui-col-xl-3{width:25%}.mui-col-xl-4{width:33.33333%}.mui-col-xl-5{width:41.66667%}.mui-col-xl-6{width:50%}.mui-col-xl-7{width:58.33333%}.mui-col-xl-8{width:66.66667%}.mui-col-xl-9{width:75%}.mui-col-xl-10{width:83.33333%}.mui-col-xl-11{width:91.66667%}.mui-col-xl-12{width:100%}.mui-col-xl-offset-0{margin-left:0}.mui-col-xl-offset-1{margin-left:8.33333%}.mui-col-xl-offset-2{margin-left:16.66667%}.mui-col-xl-offset-3{margin-left:25%}.mui-col-xl-offset-4{margin-left:33.33333%}.mui-col-xl-offset-5{margin-left:41.66667%}.mui-col-xl-offset-6{margin-left:50%}.mui-col-xl-offset-7{margin-left:58.33333%}.mui-col-xl-offset-8{margin-left:66.66667%}.mui-col-xl-offset-9{margin-left:75%}.mui-col-xl-offset-10{margin-left:83.33333%}.mui-col-xl-offset-11{margin-left:91.66667%}.mui-col-xl-offset-12{margin-left:100%}}.mui-panel{padding:15px;margin-bottom:20px;border-radius:0;background-color:#FFF;box-shadow:0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}.mui-panel:after,.mui-panel:before{content:" ";display:table}.mui-panel:after{clear:both}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-panel{box-shadow:0 -1px 2px 0 rgba(0,0,0,.12),-1px 0 2px 0 rgba(0,0,0,.12),0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-panel{box-shadow:0 -1px 2px 0 rgba(0,0,0,.12),-1px 0 2px 0 rgba(0,0,0,.12),0 2px 2px 0 rgba(0,0,0,.16),0 0 2px 0 rgba(0,0,0,.12)}}.mui-select{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-select:focus{outline:0}.mui-select:focus>select{height:33px;margin-bottom:-1px;border-color:#2196F3;border-width:2px}.mui-select>select{display:block;height:32px;width:100%;appearance:none;-webkit-appearance:none;-moz-appearance:none;outline:0;border:none;border-bottom:1px solid rgba(0,0,0,.26);border-radius:0;box-shadow:none;background-color:transparent;background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iNiIgd2lkdGg9IjEwIj48cG9seWdvbiBwb2ludHM9IjAsMCAxMCwwIDUsNiIgc3R5bGU9ImZpbGw6cmdiYSgwLDAsMCwuMjQpOyIvPjwvc3ZnPg==);background-repeat:no-repeat;background-position:right center;cursor:pointer;color:rgba(0,0,0,.87);font-size:16px;font-family:inherit;line-height:inherit;padding:0 25px 0 0}.mui-select>select::-ms-expand{display:none}.mui-select>select:focus{outline:0;height:33px;margin-bottom:-1px;border-color:#2196F3;border-width:2px}.mui-select>select:disabled{color:rgba(0,0,0,.38);cursor:not-allowed;background-color:transparent;opacity:1}.mui-select>select:-moz-focusring{color:transparent;text-shadow:0 0 0 #000}.mui-select>select:focus::-ms-value{background:0 0;color:rgba(0,0,0,.87)}.mui-select>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-select:focus>label,.mui-select>select:focus~label{color:#2196F3}.mui-select__menu{position:absolute;z-index:2;min-width:100%;overflow-y:auto;padding:8px 0;background-color:#FFF;font-size:16px}@media all and (-ms-high-contrast:none),(-ms-high-contrast:active){.mui-select__menu{border-left:1px solid rgba(0,0,0,.12);border-top:1px solid rgba(0,0,0,.12)}}@supports (-ms-ime-align:auto){.mui-select__menu{border-left:1px solid rgba(0,0,0,.12);border-top:1px solid rgba(0,0,0,.12)}}.mui-select__menu>div{padding:0 22px;height:42px;line-height:42px;cursor:pointer;white-space:nowrap}.mui-select__menu>div.mui--is-selected{background-color:#EEE}.mui-select__menu>div.mui--is-disabled{color:rgba(0,0,0,.38);cursor:not-allowed}.mui-select__menu>div:not(.mui-optgroup__label):not(.mui--is-disabled):hover{background-color:#E0E0E0}.mui-optgroup__option{text-indent:1em}.mui-optgroup__label{color:rgba(0,0,0,.54);font-size:.9em}.mui-table{width:100%;max-width:100%;margin-bottom:20px}.mui-table>tbody>tr>th,.mui-table>tfoot>tr>th,.mui-table>thead>tr>th{text-align:left}.mui-table>tbody>tr>td,.mui-table>tbody>tr>th,.mui-table>tfoot>tr>td,.mui-table>tfoot>tr>th,.mui-table>thead>tr>td,.mui-table>thead>tr>th{padding:10px;line-height:1.429}.mui-table>thead>tr>th{border-bottom:2px solid rgba(0,0,0,.12);font-weight:700}.mui-table>tbody+tbody{border-top:2px solid rgba(0,0,0,.12)}.mui-table.mui-table--bordered>tbody>tr>td{border-bottom:1px solid rgba(0,0,0,.12)}.mui-tabs__bar{list-style:none;padding-left:0;margin-bottom:0;background-color:transparent;white-space:nowrap;overflow-x:auto}.mui-tabs__bar>li{display:inline-block}.mui-tabs__bar>li>a{display:block;white-space:nowrap;text-transform:uppercase;font-weight:500;font-size:14px;color:rgba(0,0,0,.87);cursor:default;height:48px;line-height:48px;padding-left:24px;padding-right:24px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-tabs__bar>li>a:hover{text-decoration:none}.mui-tabs__bar>li.mui--is-active{border-bottom:2px solid #2196F3}.mui-tabs__bar>li.mui--is-active>a{color:#2196F3}.mui-tabs__bar.mui-tabs__bar--justified{display:table;width:100%;table-layout:fixed}.mui-tabs__bar.mui-tabs__bar--justified>li{display:table-cell}.mui-tabs__bar.mui-tabs__bar--justified>li>a{text-align:center;padding-left:0;padding-right:0}.mui-tabs__pane{display:none}.mui-tabs__pane.mui--is-active{display:block}.mui-textfield{display:block;padding-top:15px;margin-bottom:20px;position:relative}.mui-textfield>label{position:absolute;top:0;display:block;width:100%;color:rgba(0,0,0,.54);font-size:12px;font-weight:400;line-height:15px;overflow-x:hidden;text-overflow:ellipsis;white-space:nowrap}.mui-textfield>textarea{padding-top:5px}.mui-textfield>input:focus~label,.mui-textfield>textarea:focus~label{color:#2196F3}.mui-textfield--float-label>label{position:absolute;transform:translate(0,15px);font-size:16px;line-height:32px;color:rgba(0,0,0,.26);text-overflow:clip;cursor:text;pointer-events:none}.mui-textfield--float-label>input:focus~label,.mui-textfield--float-label>textarea:focus~label{transform:translate(0,0);font-size:12px;line-height:15px;text-overflow:ellipsis}.mui-textfield--float-label>input:not(:focus).mui--is-not-empty~label,.mui-textfield--float-label>input:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>input:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>textarea:not(:focus).mui--is-not-empty~label,.mui-textfield--float-label>textarea:not(:focus):not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield--float-label>textarea:not(:focus)[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label{color:rgba(0,0,0,.54);font-size:12px;line-height:15px;transform:translate(0,0);text-overflow:ellipsis}.mui-textfield--wrap-label{display:table;width:100%;padding-top:0}.mui-textfield--wrap-label:not(.mui-textfield--float-label)>label{display:table-header-group;position:static;white-space:normal;overflow-x:visible}.mui-textfield>input,.mui-textfield>textarea{box-sizing:border-box;display:block;background-color:transparent;color:rgba(0,0,0,.87);border:none;border-bottom:1px solid rgba(0,0,0,.26);outline:0;width:100%;padding:0;box-shadow:none;border-radius:0;font-size:16px;font-family:inherit;line-height:inherit;background-image:none}.mui-textfield>input:focus,.mui-textfield>textarea:focus{border-color:#2196F3;border-width:2px}.mui-textfield>input:-moz-read-only,.mui-textfield>input:disabled,.mui-textfield>textarea:-moz-read-only,.mui-textfield>textarea:disabled{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input:disabled,.mui-textfield>input:read-only,.mui-textfield>textarea:disabled,.mui-textfield>textarea:read-only{cursor:not-allowed;background-color:transparent;opacity:1}.mui-textfield>input::-webkit-input-placeholder,.mui-textfield>textarea::-webkit-input-placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input:-ms-input-placeholder,.mui-textfield>textarea:-ms-input-placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input::placeholder,.mui-textfield>textarea::placeholder{color:rgba(0,0,0,.26);opacity:1}.mui-textfield>input{height:32px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>textarea{min-height:64px}.mui-textfield>textarea[rows]:not([rows="2"]):focus{margin-bottom:-1px}.mui-textfield>input:focus{height:33px;margin-bottom:-1px}.mui-textfield>input:invalid:not(:focus):not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):not(:required),.mui-textfield>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:not(:required),.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>textarea:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>textarea:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>textarea:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty){border-color:#F44336;border-width:2px}.mui-textfield>input:invalid:not(:focus):not(:required),.mui-textfield>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched,.mui-textfield>input:invalid:not(:focus):required.mui--is-not-empty,.mui-textfield>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:not(:required),.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-empty.mui--is-touched,.mui-textfield>input:not(:focus).mui--is-invalid:required.mui--is-not-empty,.mui-textfield>input:not(:focus).mui--is-invalid:required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty),.mui-textfield>input:not(:focus).mui--is-invalid:required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty){height:33px;margin-bottom:-1px}.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):not(:required)~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>input:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):not(:required)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required:not(:empty):not(.mui--is-empty):not(.mui--is-not-empty)~label,.mui-textfield.mui-textfield--float-label>textarea:invalid:not(:focus):required[value]:not([value=""]):not(.mui--is-empty):not(.mui--is-not-empty)~label{color:#F44336}.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):not(:required)~label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-empty.mui--is-touched~label,.mui-textfield:not(.mui-textfield--float-label)>input:invalid:not(:focus):required.mui--is-not-empty~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):not(:required)~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-empty.mui--is-touched~label,.mui-textfield:not(.mui-textfield--float-label)>textarea:invalid:not(:focus):required.mui--is-not-empty~label{color:#F44336}.mui-textfield.mui-textfield--float-label>.mui--is-invalid.mui--is-not-empty:not(:focus)~label{color:#F44336}.mui-textfield:not(.mui-textfield--float-label)>.mui--is-invalid:not(:focus)~label{color:#F44336}.mui--no-transition{transition:none!important}.mui--no-user-select{-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.mui-caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid transparent}.mui--text-left{text-align:left!important}.mui--text-right{text-align:right!important}.mui--text-center{text-align:center!important}.mui--text-justify{text-align:justify!important}.mui--text-nowrap{white-space:nowrap!important}.mui--align-baseline{vertical-align:baseline!important}.mui--align-top{vertical-align:top!important}.mui--align-middle{vertical-align:middle!important}.mui--align-bottom{vertical-align:bottom!important}.mui--text-dark{color:rgba(0,0,0,.87)}.mui--text-dark-secondary{color:rgba(0,0,0,.54)}.mui--text-dark-hint{color:rgba(0,0,0,.38)}.mui--text-light{color:#FFF}.mui--text-light-secondary{color:rgba(255,255,255,.7)}.mui--text-light-hint{color:rgba(255,255,255,.3)}.mui--text-accent{color:rgba(255,64,129,.87)}.mui--text-accent-secondary{color:rgba(255,64,129,.54)}.mui--text-accent-hint{color:rgba(255,64,129,.38)}.mui--text-black{color:#000}.mui--text-white{color:#FFF}.mui--text-danger{color:#F44336}.mui--bg-primary{background-color:#2196F3}.mui--bg-primary-dark{background-color:#1976D2}.mui--bg-primary-light{background-color:#BBDEFB}.mui--bg-accent{background-color:#FF4081}.mui--bg-accent-dark{background-color:#F50057}.mui--bg-accent-light{background-color:#FF80AB}.mui--bg-danger{background-color:#F44336}.mui-list--unstyled{padding-left:0;list-style:none}.mui-list--inline{padding-left:0;list-style:none;margin-left:-5px}.mui-list--inline>li{display:inline-block;padding-left:5px;padding-right:5px}.mui--z1,.mui-dropdown__menu,.mui-select__menu{box-shadow:0 1px 3px rgba(0,0,0,.12),0 1px 2px rgba(0,0,0,.24)}.mui--z2{box-shadow:0 3px 6px rgba(0,0,0,.16),0 3px 6px rgba(0,0,0,.23)}.mui--z3{box-shadow:0 10px 20px rgba(0,0,0,.19),0 6px 6px rgba(0,0,0,.23)}.mui--z4{box-shadow:0 14px 28px rgba(0,0,0,.25),0 10px 10px rgba(0,0,0,.22)}.mui--z5{box-shadow:0 19px 38px rgba(0,0,0,.3),0 15px 12px rgba(0,0,0,.22)}.mui--clearfix:after,.mui--clearfix:before{content:" ";display:table}.mui--clearfix:after{clear:both}.mui--pull-right{float:right!important}.mui--pull-left{float:left!important}.mui--hide{display:none!important}.mui--show{display:block!important}.mui--invisible{visibility:hidden}.mui--overflow-hidden{overflow:hidden!important}.mui--overflow-hidden-x{overflow-x:hidden!important}.mui--overflow-hidden-y{overflow-y:hidden!important}.mui--visible-lg-block,.mui--visible-lg-inline,.mui--visible-lg-inline-block,.mui--visible-md-block,.mui--visible-md-inline,.mui--visible-md-inline-block,.mui--visible-sm-block,.mui--visible-sm-inline,.mui--visible-sm-inline-block,.mui--visible-xl-block,.mui--visible-xl-inline,.mui--visible-xl-inline-block,.mui--visible-xs-block,.mui--visible-xs-inline,.mui--visible-xs-inline-block{display:none!important}@media (max-width:543px){.mui-visible-xs{display:block!important}table.mui-visible-xs{display:table}tr.mui-visible-xs{display:table-row!important}td.mui-visible-xs,th.mui-visible-xs{display:table-cell!important}.mui--visible-xs-block{display:block!important}.mui--visible-xs-inline{display:inline!important}.mui--visible-xs-inline-block{display:inline-block!important}}@media (min-width:544px) and (max-width:767px){.mui-visible-sm{display:block!important}table.mui-visible-sm{display:table}tr.mui-visible-sm{display:table-row!important}td.mui-visible-sm,th.mui-visible-sm{display:table-cell!important}.mui--visible-sm-block{display:block!important}.mui--visible-sm-inline{display:inline!important}.mui--visible-sm-inline-block{display:inline-block!important}}@media (min-width:768px) and (max-width:991px){.mui-visible-md{display:block!important}table.mui-visible-md{display:table}tr.mui-visible-md{display:table-row!important}td.mui-visible-md,th.mui-visible-md{display:table-cell!important}.mui--visible-md-block{display:block!important}.mui--visible-md-inline{display:inline!important}.mui--visible-md-inline-block{display:inline-block!important}}@media (min-width:992px) and (max-width:1199px){.mui-visible-lg{display:block!important}table.mui-visible-lg{display:table}tr.mui-visible-lg{display:table-row!important}td.mui-visible-lg,th.mui-visible-lg{display:table-cell!important}.mui--visible-lg-block{display:block!important}.mui--visible-lg-inline{display:inline!important}.mui--visible-lg-inline-block{display:inline-block!important}}@media (min-width:1200px){.mui-visible-xl{display:block!important}table.mui-visible-xl{display:table}tr.mui-visible-xl{display:table-row!important}td.mui-visible-xl,th.mui-visible-xl{display:table-cell!important}.mui--visible-xl-block{display:block!important}.mui--visible-xl-inline{display:inline!important}.mui--visible-xl-inline-block{display:inline-block!important}}@media (max-width:543px){.mui--hidden-xs{display:none!important}}@media (min-width:544px) and (max-width:767px){.mui--hidden-sm{display:none!important}}@media (min-width:768px) and (max-width:991px){.mui--hidden-md{display:none!important}}@media (min-width:992px) and (max-width:1199px){.mui--hidden-lg{display:none!important}}@media (min-width:1200px){.mui--hidden-xl{display:none!important}}.mui-scrlock--showbar-y{overflow-y:scroll!important}.mui-scrlock--showbar-x{overflow-x:scroll!important}#mui-overlay{position:fixed;top:0;right:0;bottom:0;left:0;z-index:99999999;background-color:rgba(0,0,0,.2);overflow:auto}.mui-btn__ripple-container{position:absolute;top:0;left:0;display:block;height:100%;width:100%;overflow:hidden;z-index:0;pointer-events:none}.mui-ripple{position:absolute;top:0;left:0;border-radius:50%;opacity:0;pointer-events:none;transform:scale(.0001,.0001)}.mui-ripple.mui--is-animating{transform:none;transition:transform .3s cubic-bezier(0,0,.2,1),width .3s cubic-bezier(0,0,.2,1),height .3s cubic-bezier(0,0,.2,1),opacity .3s cubic-bezier(0,0,.2,1)}.mui-ripple.mui--is-visible{opacity:.3}.mui-btn .mui-ripple{background-color:#a6a6a6}.mui-btn--primary .mui-ripple{background-color:#FFF}.mui-btn--dark .mui-ripple{background-color:#FFF}.mui-btn--danger .mui-ripple{background-color:#FFF}.mui-btn--accent .mui-ripple{background-color:#FFF}.mui-btn--flat .mui-ripple{background-color:#a6a6a6}.mui--text-display4{font-weight:300;font-size:112px;line-height:112px}.mui--text-display3{font-weight:400;font-size:56px;line-height:56px}.mui--text-display2{font-weight:400;font-size:45px;line-height:48px}.mui--text-display1,h1{font-weight:400;font-size:34px;line-height:40px}.mui--text-headline,h2{font-weight:400;font-size:24px;line-height:32px}.mui--text-title,h3{font-weight:400;font-size:20px;line-height:28px}.mui--text-subhead,h4{font-weight:400;font-size:16px;line-height:24px}.mui--text-body2,h5{font-weight:500;font-size:14px;line-height:24px}.mui--text-body1{font-weight:400;font-size:14px;line-height:20px}.mui--text-caption{font-weight:400;font-size:12px;line-height:16px}.mui--text-menu{font-weight:500;font-size:13px;line-height:17px}.mui--text-button{font-weight:500;font-size:14px;line-height:18px;text-transform:uppercase} diff --git a/dashboard/static/lib/mui/packages/cdn/js/mui.min.js b/dashboard/static/lib/mui/packages/cdn/js/mui.min.js index 30032f09..27c5877d 100644 --- a/dashboard/static/lib/mui/packages/cdn/js/mui.min.js +++ b/dashboard/static/lib/mui/packages/cdn/js/mui.min.js @@ -1 +1 @@ -!function t(e,i,n){function o(s,a){if(!i[s]){if(!e[s]){var l="function"==typeof require&&require;if(!a&&l)return l(s,!0);if(r)return r(s,!0);throw new Error("Cannot find module '"+s+"'")}var u=i[s]={exports:{}};e[s][0].call(u.exports,function(t){var i=e[s][1][t];return o(i||t)},u,u.exports,t,e,i,n)}return i[s].exports}for(var r="function"==typeof require&&require,s=0;s input","mui-textfield-inserted"],[".mui-textfield > textarea","mui-textfield-inserted"],[".mui-textfield > input:-webkit-autofill","mui-textfield-autofill"],[".mui-textfield > textarea:-webkit-autofill","mui-textfield-autofill"],[".mui-select > select","mui-select-inserted"],[".mui-select > select ~ .mui-event-trigger","mui-node-inserted"],[".mui-select > select:disabled ~ .mui-event-trigger","mui-node-disabled"]],i="",n=0,o=e.length;nd&&(p=a+(i+1)*s-(-1*n+o+r),h=e*s+2*a-f,v=Math.min(p,h)),{height:f+"px",top:n+"px",scrollTop:v}}var o=15,r=32,s=42,a=8;e.exports={getMenuPositionalCSS:n}},{}],5:[function(t,e,i){"use strict";function n(t,e){if(e&&t.setAttribute){for(var i,n=h(t),o=e.split(" "),r=0;r-1}function s(t){if(void 0===t)return"undefined";var e=Object.prototype.toString.call(t);if(0===e.indexOf("[object "))return e.slice(8,-1).toLowerCase();throw new Error("MUI: Could not understand type: "+e)}function a(t,e,i,n){n=void 0!==n&&n;var o=t._muiEventCache=t._muiEventCache||{};e.split(" ").map(function(e){t.addEventListener(e,i,n),o[e]=o[e]||[],o[e].push([i,n])})}function l(t,e,i,n){n=void 0!==n&&n;var o,r,s,a=t._muiEventCache=t._muiEventCache||{};e.split(" ").map(function(e){for(o=a[e]||[],s=o.length;s--;)r=o[s],(void 0===i||r[0]===i&&r[1]===n)&&(o.splice(s,1),t.removeEventListener(e,r[0],r[1]))})}function u(t,e,i,n){e.split(" ").map(function(e){a(t,e,function o(r){i&&i.apply(this,arguments),l(t,e,o,n)},n)})}function c(t,e){var i=window;if(void 0===e){if(t===i){var n=document.documentElement;return(i.pageXOffset||n.scrollLeft)-(n.clientLeft||0)}return t.scrollLeft}t===i?i.scrollTo(e,d(i)):t.scrollLeft=e}function d(t,e){var i=window;if(void 0===e){if(t===i){var n=document.documentElement;return(i.pageYOffset||n.scrollTop)-(n.clientTop||0)}return t.scrollTop}t===i?i.scrollTo(c(i),e):t.scrollTop=e}function m(t){var e=window,i=t.getBoundingClientRect(),n=d(e),o=c(e);return{top:i.top+n,left:i.left+o,height:i.height,width:i.width}}function f(t){var e=!1,i=!0,n=document,o=n.defaultView,r=n.documentElement,s=n.addEventListener?"addEventListener":"attachEvent",a=n.addEventListener?"removeEventListener":"detachEvent",l=n.addEventListener?"":"on",u=function(i){"readystatechange"==i.type&&"complete"!=n.readyState||(("load"==i.type?o:n)[a](l+i.type,u,!1),!e&&(e=!0)&&t.call(o,i.type||i))},c=function(){try{r.doScroll("left")}catch(t){return void setTimeout(c,50)}u("poll")};if("complete"==n.readyState)t.call(o,"lazy");else{if(n.createEventObject&&r.doScroll){try{i=!o.frameElement}catch(t){}i&&c()}n[s](l+"DOMContentLoaded",u,!1),n[s](l+"readystatechange",u,!1),o[s](l+"load",u,!1)}}function p(t,e){if(e&&t.setAttribute){for(var i,n=h(t),o=e.split(" "),r=0;r=0;)n=n.replace(" "+i+" "," ");t.setAttribute("class",n.trim())}}function h(t){return" "+(t.getAttribute("class")||"").replace(/[\n\t]/g,"")+" "}function v(t){return t.replace(g,function(t,e,i,n){return n?i.toUpperCase():i}).replace(y,"Moz$1")}function b(t,e,i){var n;return n=i.getPropertyValue(e),""!==n||t.ownerDocument||(n=t.style[v(e)]),n}var g=/([\:\-\_]+(.))/g,y=/^moz([A-Z])/;e.exports={addClass:n,css:o,hasClass:r,off:l,offset:m,on:a,one:u,ready:f,removeClass:p,type:s,scrollLeft:c,scrollTop:d}},{}],6:[function(t,e,i){"use strict";function n(){var t=window;if(g.debug&&void 0!==t.console)try{t.console.log.apply(t.console,arguments)}catch(i){var e=Array.prototype.slice.call(arguments);t.console.log(e.join("\n"))}}function o(t){var e,i=document;e=i.head||i.getElementsByTagName("head")[0]||i.documentElement;var n=i.createElement("style");return n.type="text/css",n.styleSheet?n.styleSheet.cssText=t:n.appendChild(i.createTextNode(t)),e.insertBefore(n,e.firstChild),n}function r(t,e){if(!e)throw new Error("MUI: "+t);"undefined"!=typeof console&&console.error("MUI Warning: "+t)}function s(t){var e="";for(var i in t)e+=t[i]?i+" ":"";return e.trim()}function a(){if(void 0!==b)return b;var t=document.createElement("x");return t.style.cssText="pointer-events:auto",b="auto"===t.style.pointerEvents}function l(t,e){return function(){t[e].apply(t,arguments)}}function u(t,e,i,n,o){var r,s=document.createEvent("HTMLEvents"),i=void 0===i||i,n=void 0===n||n;if(s.initEvent(e,i,n),o)for(r in o)s[r]=o[r];return t&&t.dispatchEvent(s),s}function c(){if(1===(C+=1)){var t,e,i,n=document,r=window,s=n.documentElement,a=n.body,l=x();t=["overflow:hidden"],l&&(s.scrollHeight>s.clientHeight&&(i=parseInt(y.css(a,"padding-right"))+l,t.push("padding-right:"+i+"px")),s.scrollWidth>s.clientWidth&&(i=parseInt(y.css(a,"padding-bottom"))+l,t.push("padding-bottom:"+i+"px"))),e="."+E+"{",e+=t.join(" !important;")+" !important;}",p=o(e),y.on(r,"scroll",h,!0),f={left:y.scrollLeft(r),top:y.scrollTop(r)},y.addClass(a,E)}}function d(t){0!==C&&0===(C-=1)&&(y.removeClass(document.body,E),p.parentNode.removeChild(p),t&&window.scrollTo(f.left,f.top),y.off(window,"scroll",h,!0))}function m(t){var e=window.requestAnimationFrame;e?e(t):setTimeout(t,0)}var f,p,h,v,b,g=t("../config"),y=t("./jqLite"),C=0,E="mui-scroll-lock";h=function(t){t.target.tagName||t.stopImmediatePropagation()};var x=function(){if(void 0!==v)return v;var t=document,e=t.body,i=t.createElement("div");return i.innerHTML='
',i=i.firstChild,e.appendChild(i),v=i.offsetWidth-i.clientWidth,e.removeChild(i),v};e.exports={callback:l,classNames:s,disableScrollLock:d,dispatchEvent:u,enableScrollLock:c,log:n,loadStyle:o,raiseError:r,requestAnimationFrame:m,supportsPointerEvents:a}},{"../config":2,"./jqLite":5}],7:[function(t,e,i){"use strict";function n(t){if(!0!==t._muiDropdown){t._muiDropdown=!0;var e=t.tagName;"INPUT"!==e&&"BUTTON"!==e||t.hasAttribute("type")||(t.type="button"),s.on(t,"click",o)}}function o(t){if(0===t.button){var e=this;null===e.getAttribute("disabled")&&r(e)}}function r(t){function e(){s.removeClass(n,u),s.off(o,"click",e)}var i=t.parentNode,n=t.nextElementSibling,o=i.ownerDocument;if(!n||!s.hasClass(n,c))return a.raiseError("Dropdown menu element not found");s.hasClass(n,u)?e():function(){var r=i.getBoundingClientRect(),a=t.getBoundingClientRect(),l=a.top-r.top+a.height;s.css(n,"top",l+"px"),s.addClass(n,u),setTimeout(function(){s.on(o,"click",e)},0)}()}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="mui--is-open",c="mui-dropdown__menu";e.exports={initListeners:function(){for(var t=document.querySelectorAll('[data-mui-toggle="dropdown"]'),e=t.length;e--;)n(t[e]);l.onAnimationStart("mui-dropdown-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],8:[function(t,e,i){e.exports=t(5)},{}],9:[function(t,e,i){"use strict";function n(t){var e;if("on"===t){for(var i,n,s,a=arguments.length-1;a>0;a--)i=arguments[a],"object"===p.type(i)&&(n=i),i instanceof Element&&1===i.nodeType&&(s=i);n=n||{},void 0===n.keyboard&&(n.keyboard=!0),void 0===n.static&&(n.static=!1),e=o(n,s)}else"off"===t?e=r():f.raiseError("Expecting 'on' or 'off'");return e}function o(t,e){var i=document,n=i.body,o=i.getElementById(h);if(i.activeElement&&(m=i.activeElement),f.enableScrollLock(),o){for(;o.firstChild;)o.removeChild(o.firstChild);e&&o.appendChild(e)}else o=i.createElement("div"),o.setAttribute("id",h),o.setAttribute("tabindex","-1"),e&&o.appendChild(e),n.appendChild(o);return v.test(navigator.userAgent)&&p.css(o,"cursor","pointer"),t.keyboard?s():a(),t.static?c(o):u(o),o.muiOptions=t,o.focus(),o}function r(){var t,e=document.getElementById(h);if(e){for(;e.firstChild;)e.removeChild(e.firstChild);e.parentNode.removeChild(e),t=e.muiOptions.onclose,c(e)}return f.disableScrollLock(),a(),m&&m.focus(),t&&t(),e}function s(){p.on(document,"keyup",l)}function a(){p.off(document,"keyup",l)}function l(t){27===t.keyCode&&r()}function u(t){p.on(t,"click",d)}function c(t){p.off(t,"click",d)}function d(t){t.target.id===h&&r()}var m,f=t("./lib/util"),p=t("./lib/jqLite"),h="mui-overlay",v=/(iPad|iPhone|iPod)/g;e.exports=n},{"./lib/jqLite":5,"./lib/util":6}],10:[function(t,e,i){"use strict";function n(t){!0!==t._muiRipple&&(t._muiRipple=!0,"INPUT"!==t.tagName&&s.on(t,c,o))}function o(t){if("mousedown"!==t.type||0===t.button){var e=this,i=e._rippleEl;if(!e.disabled){if(!i){var n=document.createElement("span");n.className="mui-btn__ripple-container",n.innerHTML='',e.appendChild(n),i=e._rippleEl=n.children[0],s.on(e,d,r)}var o,l,u=s.offset(e),c="touchstart"===t.type?t.touches[0]:t;o=Math.sqrt(u.height*u.height+u.width*u.width),l=2*o+"px",s.css(i,{width:l,height:l,top:Math.round(c.pageY-u.top-o)+"px",left:Math.round(c.pageX-u.left-o)+"px"}),s.removeClass(i,"mui--is-animating"),s.addClass(i,"mui--is-visible"),a.requestAnimationFrame(function(){s.addClass(i,"mui--is-animating")})}}}function r(t){var e=this._rippleEl;a.requestAnimationFrame(function(){s.removeClass(e,"mui--is-visible")})}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="ontouchstart"in document.documentElement,c=u?"touchstart":"mousedown",d=u?"touchend":"mouseup mouseleave";e.exports={initListeners:function(){for(var t=document.getElementsByClassName("mui-btn"),e=t.length;e--;)n(t[e]);l.onAnimationStart("mui-btn-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],11:[function(t,e,i){"use strict";function n(t){if(!0!==t._muiSelect&&(t._muiSelect=!0,!("ontouchstart"in v.documentElement))){var e=t.parentNode;e._selectEl=t,e._menu=null,e._q="",e._qTimeout=null,t.disabled||(e.tabIndex=0),t.tabIndex=-1,d.on(t,"mousedown",o),d.on(e,"click",l),d.on(e,"blur focus",r),d.on(e,"keydown",s),d.on(e,"keypress",a);var i=document.createElement("div");i.className="mui-event-trigger",e.appendChild(i),d.on(i,f.animationEvents,function(t){t.stopPropagation(),"mui-node-disabled"===t.animationName?t.target.parentNode.removeAttribute("tabIndex"):t.target.parentNode.tabIndex=0})}}function o(t){0===t.button&&t.preventDefault()}function r(t){m.dispatchEvent(this._selectEl,t.type,!1,!1)}function s(t){if(!t.defaultPrevented){var e=t.keyCode,i=this._menu;if(i){if(9===e)return i.destroy();27!==e&&40!==e&&38!==e&&13!==e||t.preventDefault(),27===e?i.destroy():40===e?i.increment():38===e?i.decrement():13===e&&(i.selectCurrent(),i.destroy())}else 32!==e&&38!==e&&40!==e||(t.preventDefault(),u(this))}}function a(t){var e=this._menu;if(!t.defaultPrevented&&e){var i=this;clearTimeout(this._qTimeout),this._q+=t.key,this._qTimeout=setTimeout(function(){i._q=""},300);var n,o=new RegExp("^"+this._q,"i"),r=e.itemArray;for(n in r)if(o.test(r[n].innerText)){e.selectPos(n);break}}}function l(t){0!==t.button||this._selectEl.disabled||(this.focus(),u(this))}function u(t){t._menu||(t._menu=new c(t,t._selectEl,function(){t._menu=null,t.focus()}))}function c(t,e,i){m.enableScrollLock(),this.itemArray=[],this.origPos=null,this.currentPos=null,this.selectEl=e,this.wrapperEl=t,this.menuEl=this._createMenuEl(t,e);var n=m.callback;this.onClickCB=n(this,"onClick"),this.destroyCB=n(this,"destroy"),this.wrapperCallbackFn=i,t.appendChild(this.menuEl),d.scrollTop(this.menuEl,this.menuEl._scrollTop);var o=this.destroyCB;d.on(this.menuEl,"click",this.onClickCB),d.on(b,"resize",o),setTimeout(function(){d.on(v,"click",o)},0)}var d=t("./lib/jqLite"),m=t("./lib/util"),f=t("./lib/animationHelpers"),p=t("./lib/forms"),h="mui--is-selected",v=document,b=window;c.prototype._createMenuEl=function(t,e){var i,n,o,r,s,a,l,u,c=v.createElement("div"),m=e.children,f=this.itemArray,b=0,g=0,y=0,C=document.createDocumentFragment();for(c.className="mui-select__menu",s=0,a=m.length;s select"),e=t.length;e--;)n(t[e]);f.onAnimationStart("mui-select-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/forms":4,"./lib/jqLite":5,"./lib/util":6}],12:[function(t,e,i){"use strict";function n(t){!0!==t._muiTabs&&(t._muiTabs=!0,a.on(t,"click",o))}function o(t){if(0===t.button){var e=this;null===e.getAttribute("disabled")&&r(e)}}function r(t){var e,i,n,o,r,u,v,b,g,y=t.parentNode,C=t.getAttribute(c),E=document.getElementById(C);a.hasClass(y,d)||(E||l.raiseError('Tab pane "'+C+'" not found'),i=s(E),n=i.id,g="["+c+'="'+n+'"]',o=document.querySelectorAll(g)[0],e=o.parentNode,r={paneId:C,relatedPaneId:n},u={paneId:n,relatedPaneId:C},v=l.dispatchEvent(o,p,!0,!0,u),b=l.dispatchEvent(t,m,!0,!0,r),setTimeout(function(){v.defaultPrevented||b.defaultPrevented||(e&&a.removeClass(e,d),i&&a.removeClass(i,d),a.addClass(y,d),a.addClass(E,d),l.dispatchEvent(o,h,!0,!1,u),l.dispatchEvent(t,f,!0,!1,r))},0))}function s(t){for(var e,i=t.parentNode.children,n=i.length,o=null;n--&&!o;)(e=i[n])!==t&&a.hasClass(e,d)&&(o=e);return o}var a=t("./lib/jqLite"),l=t("./lib/util"),u=t("./lib/animationHelpers"),c="data-mui-controls",d="mui--is-active",m="mui.tabs.showstart",f="mui.tabs.showend",p="mui.tabs.hidestart",h="mui.tabs.hideend";e.exports={initListeners:function(){for(var t=document.querySelectorAll('[data-mui-toggle="tab"]'),e=t.length;e--;)n(t[e]);u.onAnimationStart("mui-tab-inserted",function(t){n(t.target)})},api:{activate:function(t){var e="["+c+"="+t+"]",i=document.querySelectorAll(e);i.length||l.raiseError('Tab control for pane "'+t+'" not found'),r(i[0])}}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],13:[function(t,e,i){"use strict";function n(t){!0!==t._muiTextfield&&(t._muiTextfield=!0,t.value.length?s.addClass(t,p):s.addClass(t,f),s.addClass(t,c+" "+d),s.on(t,"blur",function e(){document.activeElement!==t&&(s.removeClass(t,c),s.addClass(t,u),s.off(t,"blur",e))}),s.one(t,"input change",function(){s.removeClass(t,d),s.addClass(t,m)}),s.on(t,"input change",o))}function o(){var t=this;t.value.length?(s.removeClass(t,f),s.addClass(t,p)):(s.removeClass(t,p),s.addClass(t,f))}function r(t){!0===t._muiTextfield&&o.call(t)}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="mui--is-touched",c="mui--is-untouched",d="mui--is-pristine",m="mui--is-dirty",f="mui--is-empty",p="mui--is-not-empty";e.exports={initialize:n,initListeners:function(){for(var t=document,e=t.querySelectorAll(".mui-textfield > input, .mui-textfield > textarea"),i=e.length;i--;)n(e[i]);l.onAnimationStart("mui-textfield-inserted",function(t){n(t.target)}),setTimeout(function(){var t=".mui-textfield.mui-textfield--float-label > label {"+["-webkit-transition","-moz-transition","-o-transition","transition",""].join(":all .15s ease-out;")+"}";a.loadStyle(t)},150),l.onAnimationStart("mui-textfield-autofill",function(t){r(t.target)}),!1===a.supportsPointerEvents()&&s.on(t,"click",function(t){var e=t.target;if("LABEL"===e.tagName&&s.hasClass(e.parentNode,"mui-textfield--float-label")){var i=e.previousElementSibling;i&&i.focus()}})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}]},{},[1]); \ No newline at end of file +!function t(e,i,n){function o(s,a){if(!i[s]){if(!e[s]){var l="function"==typeof require&&require;if(!a&&l)return l(s,!0);if(r)return r(s,!0);throw new Error("Cannot find module '"+s+"'")}var u=i[s]={exports:{}};e[s][0].call(u.exports,function(t){var i=e[s][1][t];return o(i||t)},u,u.exports,t,e,i,n)}return i[s].exports}for(var r="function"==typeof require&&require,s=0;s input","mui-textfield-inserted"],[".mui-textfield > textarea","mui-textfield-inserted"],[".mui-textfield > input:-webkit-autofill","mui-textfield-autofill"],[".mui-textfield > textarea:-webkit-autofill","mui-textfield-autofill"],[".mui-select > select","mui-select-inserted"],[".mui-select > select ~ .mui-event-trigger","mui-node-inserted"],[".mui-select > select:disabled ~ .mui-event-trigger","mui-node-disabled"]],i="",n=0,o=e.length;nd&&(p=a+(i+1)*s-(-1*n+o+r),h=e*s+2*a-f,v=Math.min(p,h)),{height:f+"px",top:n+"px",scrollTop:v}}var o=15,r=32,s=42,a=8;e.exports={getMenuPositionalCSS:n}},{}],5:[function(t,e,i){"use strict";function n(t,e){if(e&&t.setAttribute){for(var i,n=h(t),o=e.split(" "),r=0;r-1}function s(t){if(void 0===t)return"undefined";var e=Object.prototype.toString.call(t);if(0===e.indexOf("[object "))return e.slice(8,-1).toLowerCase();throw new Error("MUI: Could not understand type: "+e)}function a(t,e,i,n){n=void 0!==n&&n;var o=t._muiEventCache=t._muiEventCache||{};e.split(" ").map(function(e){t.addEventListener(e,i,n),o[e]=o[e]||[],o[e].push([i,n])})}function l(t,e,i,n){n=void 0!==n&&n;var o,r,s,a=t._muiEventCache=t._muiEventCache||{};e.split(" ").map(function(e){for(o=a[e]||[],s=o.length;s--;)r=o[s],(void 0===i||r[0]===i&&r[1]===n)&&(o.splice(s,1),t.removeEventListener(e,r[0],r[1]))})}function u(t,e,i,n){e.split(" ").map(function(e){a(t,e,function o(r){i&&i.apply(this,arguments),l(t,e,o,n)},n)})}function c(t,e){var i=window;if(void 0===e){if(t===i){var n=document.documentElement;return(i.pageXOffset||n.scrollLeft)-(n.clientLeft||0)}return t.scrollLeft}t===i?i.scrollTo(e,d(i)):t.scrollLeft=e}function d(t,e){var i=window;if(void 0===e){if(t===i){var n=document.documentElement;return(i.pageYOffset||n.scrollTop)-(n.clientTop||0)}return t.scrollTop}t===i?i.scrollTo(c(i),e):t.scrollTop=e}function m(t){var e=window,i=t.getBoundingClientRect(),n=d(e),o=c(e);return{top:i.top+n,left:i.left+o,height:i.height,width:i.width}}function f(t){var e=!1,i=!0,n=document,o=n.defaultView,r=n.documentElement,s=n.addEventListener?"addEventListener":"attachEvent",a=n.addEventListener?"removeEventListener":"detachEvent",l=n.addEventListener?"":"on",u=function(i){"readystatechange"==i.type&&"complete"!=n.readyState||(("load"==i.type?o:n)[a](l+i.type,u,!1),!e&&(e=!0)&&t.call(o,i.type||i))},c=function(){try{r.doScroll("left")}catch(t){return void setTimeout(c,50)}u("poll")};if("complete"==n.readyState)t.call(o,"lazy");else{if(n.createEventObject&&r.doScroll){try{i=!o.frameElement}catch(t){}i&&c()}n[s](l+"DOMContentLoaded",u,!1),n[s](l+"readystatechange",u,!1),o[s](l+"load",u,!1)}}function p(t,e){if(e&&t.setAttribute){for(var i,n=h(t),o=e.split(" "),r=0;r=0;)n=n.replace(" "+i+" "," ");t.setAttribute("class",n.trim())}}function h(t){return" "+(t.getAttribute("class")||"").replace(/[\n\t]/g,"")+" "}function v(t){return t.replace(g,function(t,e,i,n){return n?i.toUpperCase():i}).replace(y,"Moz$1")}function b(t,e,i){var n;return n=i.getPropertyValue(e),""!==n||t.ownerDocument||(n=t.style[v(e)]),n}var g=/([\:\-\_]+(.))/g,y=/^moz([A-Z])/;e.exports={addClass:n,css:o,hasClass:r,off:l,offset:m,on:a,one:u,ready:f,removeClass:p,type:s,scrollLeft:c,scrollTop:d}},{}],6:[function(t,e,i){"use strict";function n(){var t=window;if(g.debug&&void 0!==t.console)try{t.console.log.apply(t.console,arguments)}catch(i){var e=Array.prototype.slice.call(arguments);t.console.log(e.join("\n"))}}function o(t){var e,i=document;e=i.head||i.getElementsByTagName("head")[0]||i.documentElement;var n=i.createElement("style");return n.type="text/css",n.styleSheet?n.styleSheet.cssText=t:n.appendChild(i.createTextNode(t)),e.insertBefore(n,e.firstChild),n}function r(t,e){if(!e)throw new Error("MUI: "+t);"undefined"!=typeof console&&console.error("MUI Warning: "+t)}function s(t){var e="";for(var i in t)e+=t[i]?i+" ":"";return e.trim()}function a(){if(void 0!==b)return b;var t=document.createElement("x");return t.style.cssText="pointer-events:auto",b="auto"===t.style.pointerEvents}function l(t,e){return function(){t[e].apply(t,arguments)}}function u(t,e,i,n,o){var r,s=document.createEvent("HTMLEvents"),i=void 0===i||i,n=void 0===n||n;if(s.initEvent(e,i,n),o)for(r in o)s[r]=o[r];return t&&t.dispatchEvent(s),s}function c(){if(1===(C+=1)){var t,e,i,n=document,r=window,s=n.documentElement,a=n.body,l=x();t=["overflow:hidden"],l&&(s.scrollHeight>s.clientHeight&&(i=parseInt(y.css(a,"padding-right"))+l,t.push("padding-right:"+i+"px")),s.scrollWidth>s.clientWidth&&(i=parseInt(y.css(a,"padding-bottom"))+l,t.push("padding-bottom:"+i+"px"))),e="."+E+"{",e+=t.join(" !important;")+" !important;}",p=o(e),y.on(r,"scroll",h,!0),f={left:y.scrollLeft(r),top:y.scrollTop(r)},y.addClass(a,E)}}function d(t){0!==C&&0===(C-=1)&&(y.removeClass(document.body,E),p.parentNode.removeChild(p),t&&window.scrollTo(f.left,f.top),y.off(window,"scroll",h,!0))}function m(t){var e=window.requestAnimationFrame;e?e(t):setTimeout(t,0)}var f,p,h,v,b,g=t("../config"),y=t("./jqLite"),C=0,E="mui-scroll-lock";h=function(t){t.target.tagName||t.stopImmediatePropagation()};var x=function(){if(void 0!==v)return v;var t=document,e=t.body,i=t.createElement("div");return i.innerHTML='
',i=i.firstChild,e.appendChild(i),v=i.offsetWidth-i.clientWidth,e.removeChild(i),v};e.exports={callback:l,classNames:s,disableScrollLock:d,dispatchEvent:u,enableScrollLock:c,log:n,loadStyle:o,raiseError:r,requestAnimationFrame:m,supportsPointerEvents:a}},{"../config":2,"./jqLite":5}],7:[function(t,e,i){"use strict";function n(t){if(!0!==t._muiDropdown){t._muiDropdown=!0;var e=t.tagName;"INPUT"!==e&&"BUTTON"!==e||t.hasAttribute("type")||(t.type="button"),s.on(t,"click",o)}}function o(t){if(0===t.button){var e=this;null===e.getAttribute("disabled")&&r(e)}}function r(t){function e(){s.removeClass(n,u),s.off(o,"click",e)}var i=t.parentNode,n=t.nextElementSibling,o=i.ownerDocument;if(!n||!s.hasClass(n,c))return a.raiseError("Dropdown menu element not found");s.hasClass(n,u)?e():function(){var r=i.getBoundingClientRect(),a=t.getBoundingClientRect(),l=a.top-r.top+a.height;s.css(n,"top",l+"px"),s.addClass(n,u),setTimeout(function(){s.on(o,"click",e)},0)}()}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="mui--is-open",c="mui-dropdown__menu";e.exports={initListeners:function(){for(var t=document.querySelectorAll('[data-mui-toggle="dropdown"]'),e=t.length;e--;)n(t[e]);l.onAnimationStart("mui-dropdown-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],8:[function(t,e,i){e.exports=t(5)},{}],9:[function(t,e,i){"use strict";function n(t){var e;if("on"===t){for(var i,n,s,a=arguments.length-1;a>0;a--)i=arguments[a],"object"===p.type(i)&&(n=i),i instanceof Element&&1===i.nodeType&&(s=i);n=n||{},void 0===n.keyboard&&(n.keyboard=!0),void 0===n.static&&(n.static=!1),e=o(n,s)}else"off"===t?e=r():f.raiseError("Expecting 'on' or 'off'");return e}function o(t,e){var i=document,n=i.body,o=i.getElementById(h);if(i.activeElement&&(m=i.activeElement),f.enableScrollLock(),o){for(;o.firstChild;)o.removeChild(o.firstChild);e&&o.appendChild(e)}else o=i.createElement("div"),o.setAttribute("id",h),o.setAttribute("tabindex","-1"),e&&o.appendChild(e),n.appendChild(o);return v.test(navigator.userAgent)&&p.css(o,"cursor","pointer"),t.keyboard?s():a(),t.static?c(o):u(o),o.muiOptions=t,o.focus(),o}function r(){var t,e=document.getElementById(h);if(e){for(;e.firstChild;)e.removeChild(e.firstChild);e.parentNode.removeChild(e),t=e.muiOptions.onclose,c(e)}return f.disableScrollLock(),a(),m&&m.focus(),t&&t(),e}function s(){p.on(document,"keyup",l)}function a(){p.off(document,"keyup",l)}function l(t){27===t.keyCode&&r()}function u(t){p.on(t,"click",d)}function c(t){p.off(t,"click",d)}function d(t){t.target.id===h&&r()}var m,f=t("./lib/util"),p=t("./lib/jqLite"),h="mui-overlay",v=/(iPad|iPhone|iPod)/g;e.exports=n},{"./lib/jqLite":5,"./lib/util":6}],10:[function(t,e,i){"use strict";function n(t){!0!==t._muiRipple&&(t._muiRipple=!0,"INPUT"!==t.tagName&&s.on(t,c,o))}function o(t){if("mousedown"!==t.type||0===t.button){var e=this,i=e._rippleEl;if(!e.disabled){if(!i){var n=document.createElement("span");n.className="mui-btn__ripple-container",n.innerHTML='',e.appendChild(n),i=e._rippleEl=n.children[0],s.on(e,d,r)}var o,l,u=s.offset(e),c="touchstart"===t.type?t.touches[0]:t;o=Math.sqrt(u.height*u.height+u.width*u.width),l=2*o+"px",s.css(i,{width:l,height:l,top:Math.round(c.pageY-u.top-o)+"px",left:Math.round(c.pageX-u.left-o)+"px"}),s.removeClass(i,"mui--is-animating"),s.addClass(i,"mui--is-visible"),a.requestAnimationFrame(function(){s.addClass(i,"mui--is-animating")})}}}function r(t){var e=this._rippleEl;a.requestAnimationFrame(function(){s.removeClass(e,"mui--is-visible")})}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="ontouchstart"in document.documentElement,c=u?"touchstart":"mousedown",d=u?"touchend":"mouseup mouseleave";e.exports={initListeners:function(){for(var t=document.getElementsByClassName("mui-btn"),e=t.length;e--;)n(t[e]);l.onAnimationStart("mui-btn-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],11:[function(t,e,i){"use strict";function n(t){if(!0!==t._muiSelect&&(t._muiSelect=!0,!("ontouchstart"in v.documentElement))){var e=t.parentNode;e._selectEl=t,e._menu=null,e._q="",e._qTimeout=null,t.disabled||(e.tabIndex=0),t.tabIndex=-1,d.on(t,"mousedown",o),d.on(e,"click",l),d.on(e,"blur focus",r),d.on(e,"keydown",s),d.on(e,"keypress",a);var i=document.createElement("div");i.className="mui-event-trigger",e.appendChild(i),d.on(i,f.animationEvents,function(t){t.stopPropagation(),"mui-node-disabled"===t.animationName?t.target.parentNode.removeAttribute("tabIndex"):t.target.parentNode.tabIndex=0})}}function o(t){0===t.button&&t.preventDefault()}function r(t){m.dispatchEvent(this._selectEl,t.type,!1,!1)}function s(t){if(!t.defaultPrevented){var e=t.keyCode,i=this._menu;if(i){if(9===e)return i.destroy();27!==e&&40!==e&&38!==e&&13!==e||t.preventDefault(),27===e?i.destroy():40===e?i.increment():38===e?i.decrement():13===e&&(i.selectCurrent(),i.destroy())}else 32!==e&&38!==e&&40!==e||(t.preventDefault(),u(this))}}function a(t){var e=this._menu;if(!t.defaultPrevented&&e){var i=this;clearTimeout(this._qTimeout),this._q+=t.key,this._qTimeout=setTimeout(function(){i._q=""},300);var n,o=new RegExp("^"+this._q,"i"),r=e.itemArray;for(n in r)if(o.test(r[n].innerText)){e.selectPos(n);break}}}function l(t){0!==t.button||this._selectEl.disabled||(this.focus(),u(this))}function u(t){t._menu||(t._menu=new c(t,t._selectEl,function(){t._menu=null,t.focus()}))}function c(t,e,i){m.enableScrollLock(),this.itemArray=[],this.origPos=null,this.currentPos=null,this.selectEl=e,this.wrapperEl=t,this.menuEl=this._createMenuEl(t,e);var n=m.callback;this.onClickCB=n(this,"onClick"),this.destroyCB=n(this,"destroy"),this.wrapperCallbackFn=i,t.appendChild(this.menuEl),d.scrollTop(this.menuEl,this.menuEl._scrollTop);var o=this.destroyCB;d.on(this.menuEl,"click",this.onClickCB),d.on(b,"resize",o),setTimeout(function(){d.on(v,"click",o)},0)}var d=t("./lib/jqLite"),m=t("./lib/util"),f=t("./lib/animationHelpers"),p=t("./lib/forms"),h="mui--is-selected",v=document,b=window;c.prototype._createMenuEl=function(t,e){var i,n,o,r,s,a,l,u,c=v.createElement("div"),m=e.children,f=this.itemArray,b=0,g=0,y=0,C=document.createDocumentFragment();for(c.className="mui-select__menu",s=0,a=m.length;s select"),e=t.length;e--;)n(t[e]);f.onAnimationStart("mui-select-inserted",function(t){n(t.target)})}}},{"./lib/animationHelpers":3,"./lib/forms":4,"./lib/jqLite":5,"./lib/util":6}],12:[function(t,e,i){"use strict";function n(t){!0!==t._muiTabs&&(t._muiTabs=!0,a.on(t,"click",o))}function o(t){if(0===t.button){var e=this;null===e.getAttribute("disabled")&&r(e)}}function r(t){var e,i,n,o,r,u,v,b,g,y=t.parentNode,C=t.getAttribute(c),E=document.getElementById(C);a.hasClass(y,d)||(E||l.raiseError('Tab pane "'+C+'" not found'),i=s(E),n=i.id,g="["+c+'="'+n+'"]',o=document.querySelectorAll(g)[0],e=o.parentNode,r={paneId:C,relatedPaneId:n},u={paneId:n,relatedPaneId:C},v=l.dispatchEvent(o,p,!0,!0,u),b=l.dispatchEvent(t,m,!0,!0,r),setTimeout(function(){v.defaultPrevented||b.defaultPrevented||(e&&a.removeClass(e,d),i&&a.removeClass(i,d),a.addClass(y,d),a.addClass(E,d),l.dispatchEvent(o,h,!0,!1,u),l.dispatchEvent(t,f,!0,!1,r))},0))}function s(t){for(var e,i=t.parentNode.children,n=i.length,o=null;n--&&!o;)(e=i[n])!==t&&a.hasClass(e,d)&&(o=e);return o}var a=t("./lib/jqLite"),l=t("./lib/util"),u=t("./lib/animationHelpers"),c="data-mui-controls",d="mui--is-active",m="mui.tabs.showstart",f="mui.tabs.showend",p="mui.tabs.hidestart",h="mui.tabs.hideend";e.exports={initListeners:function(){for(var t=document.querySelectorAll('[data-mui-toggle="tab"]'),e=t.length;e--;)n(t[e]);u.onAnimationStart("mui-tab-inserted",function(t){n(t.target)})},api:{activate:function(t){var e="["+c+"="+t+"]",i=document.querySelectorAll(e);i.length||l.raiseError('Tab control for pane "'+t+'" not found'),r(i[0])}}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}],13:[function(t,e,i){"use strict";function n(t){!0!==t._muiTextfield&&(t._muiTextfield=!0,t.value.length?s.addClass(t,p):s.addClass(t,f),s.addClass(t,c+" "+d),s.on(t,"blur",function e(){document.activeElement!==t&&(s.removeClass(t,c),s.addClass(t,u),s.off(t,"blur",e))}),s.one(t,"input change",function(){s.removeClass(t,d),s.addClass(t,m)}),s.on(t,"input change",o))}function o(){var t=this;t.value.length?(s.removeClass(t,f),s.addClass(t,p)):(s.removeClass(t,p),s.addClass(t,f))}function r(t){!0===t._muiTextfield&&o.call(t)}var s=t("./lib/jqLite"),a=t("./lib/util"),l=t("./lib/animationHelpers"),u="mui--is-touched",c="mui--is-untouched",d="mui--is-pristine",m="mui--is-dirty",f="mui--is-empty",p="mui--is-not-empty";e.exports={initialize:n,initListeners:function(){for(var t=document,e=t.querySelectorAll(".mui-textfield > input, .mui-textfield > textarea"),i=e.length;i--;)n(e[i]);l.onAnimationStart("mui-textfield-inserted",function(t){n(t.target)}),setTimeout(function(){var t=".mui-textfield.mui-textfield--float-label > label {"+["-webkit-transition","-moz-transition","-o-transition","transition",""].join(":all .15s ease-out;")+"}";a.loadStyle(t)},150),l.onAnimationStart("mui-textfield-autofill",function(t){r(t.target)}),!1===a.supportsPointerEvents()&&s.on(t,"click",function(t){var e=t.target;if("LABEL"===e.tagName&&s.hasClass(e.parentNode,"mui-textfield--float-label")){var i=e.previousElementSibling;i&&i.focus()}})}}},{"./lib/animationHelpers":3,"./lib/jqLite":5,"./lib/util":6}]},{},[1]); diff --git a/dashboard/templates/icons/alert.svg b/dashboard/templates/icons/alert.svg index dd21c1c9..b1baf21c 100644 --- a/dashboard/templates/icons/alert.svg +++ b/dashboard/templates/icons/alert.svg @@ -1,2 +1 @@ - diff --git a/dashboard/templates/icons/arrow-right.svg b/dashboard/templates/icons/arrow-right.svg index 976cc46a..5064d793 100644 --- a/dashboard/templates/icons/arrow-right.svg +++ b/dashboard/templates/icons/arrow-right.svg @@ -1,2 +1 @@ - diff --git a/dashboard/templates/icons/info.svg b/dashboard/templates/icons/info.svg index b512f2c6..99a54608 100644 --- a/dashboard/templates/icons/info.svg +++ b/dashboard/templates/icons/info.svg @@ -1,2 +1 @@ - diff --git a/dashboard/templates/icons/notification.svg b/dashboard/templates/icons/notification.svg index 623b572e..b47ced44 100644 --- a/dashboard/templates/icons/notification.svg +++ b/dashboard/templates/icons/notification.svg @@ -1,2 +1 @@ - diff --git a/docs/alert-center.md b/docs/alert-center.md index 434e4012..05e6f560 100644 --- a/docs/alert-center.md +++ b/docs/alert-center.md @@ -18,7 +18,7 @@ It is also important to understand the alert may not always been seen by the use ### Alert risk level -The alert risk levels are standardized and defined by the [Standard Levels](https://wiki.mozilla.org/Security/Standard_Levels) +The alert risk levels are standardized and defined by the [Standard Levels](https://wiki.mozilla.org/Security/Standard_Levels) This is a summary for convenience (refer to the above link for up-to-date 'official' information and complete definitions). @@ -72,7 +72,7 @@ We want to account for a user having a lot of alerts all at once. Let's say that as a user I am part of a major data breach, my house gets robbed, and attackers are logging in with one of my 2FA device(s) and password all over the globe. Instead of spamming the user, there should be a single dialog aggregating all alerts, such as: -> Important: You have 52 high and maximum risk alerts. View notification center. _or something like that_ +> Important: You have 52 high and maximum risk alerts. View notification center. _or something like that_ ### Remembering false-positives diff --git a/docs/architecture.mermaid b/docs/architecture.mermaid index 12d3d037..6131b10c 100644 --- a/docs/architecture.mermaid +++ b/docs/architecture.mermaid @@ -12,4 +12,4 @@ container --> dynamodb_table[alert_data via dynamo] cdn[cdn.sso.mozilla.com] --> access_file(apps.yml) -cdn[cdn.sso.mozilla.com] --> images(img, css, js) \ No newline at end of file +cdn[cdn.sso.mozilla.com] --> images(img, css, js) diff --git a/docs/development.md b/docs/development.md index 981f56a6..ee99571a 100644 --- a/docs/development.md +++ b/docs/development.md @@ -55,4 +55,4 @@ In the event that CI/CD is broken you may manually build the dashboard and relea ## Debugging a Failed Release -In order to debug a failed release you will need access to Graylog at `https://graylog.infra.iam.mozilla.com/search` stdout and stderr are shipped there. \ No newline at end of file +In order to debug a failed release you will need access to Graylog at `https://graylog.infra.iam.mozilla.com/search` stdout and stderr are shipped there. From 5940b783a182e041e91385dd3d8f7a105bfaa457 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Mon, 12 Jun 2023 20:48:16 -0400 Subject: [PATCH 137/141] Add pre-commit config --- .pre-commit-config.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .pre-commit-config.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..53747ce0 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,15 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.2.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + - id: check-added-large-files + +- repo: https://github.com/psf/black + rev: 22.10.0 + hooks: + - id: black From 44db40f368a9b9143a82366c69d8b1d0c2431a66 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Tue, 13 Jun 2023 11:40:28 -0400 Subject: [PATCH 138/141] Move samesite to lax --- dashboard/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/config.py b/dashboard/config.py index ff1eb307..9cd3ddbb 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -25,7 +25,7 @@ class DefaultConfig(object): PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) - SESSION_COOKIE_SAMESITE = CONFIG("session_cookie_samesite", namespace="sso-dashboard", default="strict") + SESSION_COOKIE_SAMESITE = CONFIG("session_cookie_samesite", namespace="sso-dashboard", default="lax") SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) LOGGER_NAME = CONFIG("logger_name", namespace="sso-dashboard", default="sso-dashboard") From 9c25636a0a95e63e5dfdac030b4bc4b234129784 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Wed, 21 Jun 2023 13:16:51 -0400 Subject: [PATCH 139/141] Include fix to truncate app names --- .github/workflows/main.yml | 2 +- dashboard/op/yaml_loader.py | 7 ++ dashboard/static/css/base.scss | 167 +++++++++++++++++---------------- 3 files changed, 95 insertions(+), 81 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c72b4d72..cf94aed9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,7 +15,7 @@ env: GAR_LOCATION: us-east1 PROJECT_ID: iam-auth0 REGION: us-east1 - CHANNEL_IDS: G01AC4VU4UV + CHANNEL_IDS: C05AMLCL4JX SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}} jobs: diff --git a/dashboard/op/yaml_loader.py b/dashboard/op/yaml_loader.py index 38d3def8..c3987a6d 100644 --- a/dashboard/op/yaml_loader.py +++ b/dashboard/op/yaml_loader.py @@ -30,6 +30,7 @@ def _load_data(self): def _render_data(self): for app in self.apps["apps"]: app["application"]["alt_text"] = app["application"]["name"] + app["application"]["name"] = self._truncate(app["application"]["name"]) def _alphabetize(self): self.apps["apps"].sort(key=lambda a: a["application"]["name"].lower()) @@ -46,6 +47,12 @@ def _has_vanity(self, app): except Exception: return False + def _truncate(self, app_name): + """If name is longer than allowed 18 chars truncate the name.""" + app_name = (app_name[:16] + "..") if len(app_name) > 18 else app_name + + return app_name + def vanity_urls(self): redirects = [] for app in self.apps["apps"]: diff --git a/dashboard/static/css/base.scss b/dashboard/static/css/base.scss index de7b6f43..f0e3db13 100644 --- a/dashboard/static/css/base.scss +++ b/dashboard/static/css/base.scss @@ -1,38 +1,33 @@ -:root { - --logo-width: 130px; - --logo-padding: 10px; - --logo-border: 1px; -} @font-face { - font-family: "Open Sans"; + font-family: 'Open Sans'; font-weight: normal; font-style: normal; - src: url("../../fonts/opensans-regular.woff2") format("woff2"), - url("../../fonts/opensans-regular.woff") format("woff"); + src: url('../../fonts/opensans-regular.woff2') format('woff2'), + url('../../fonts/opensans-regular.woff') format('woff'); } @font-face { - font-family: "Open Sans"; + font-family: 'Open Sans'; font-weight: bold; font-style: normal; - src: url("../../fonts/opensans-bold.woff2") format("woff2"), - url("../../fonts/opensans-bold.woff") format("woff"); + src: url('../../fonts/opensans-bold.woff2') format('woff2'), + url('../../fonts/opensans-bold.woff') format('woff'); } @font-face { - font-family: "Open Sans"; + font-family: 'Open Sans'; font-weight: normal; font-style: italic; - src: url("../../fonts/opensans-italic.woff2") format("woff2"), - url("../../fonts/opensans-italic.woff") format("woff"); + src: url('../../fonts/opensans-italic.woff2') format('woff2'), + url('../../fonts/opensans-italic.woff') format('woff'); } @font-face { - font-family: "Open Sans"; + font-family: 'Open Sans'; font-weight: bold; font-style: italic; - src: url("../../fonts/opensans-bolditalic.woff2") format("woff2"), - url("../../fonts/opensans-bolditalic.woff") format("woff"); + src: url('../../fonts/opensans-bolditalic.woff2') format('woff2'), + url('../../fonts/opensans-bolditalic.woff') format('woff'); } $gray: #808080; @@ -43,10 +38,8 @@ $bggray: #f8f8f8; $yellow: #faba00; $blue: #229dc4; $red: #d04437; - $appbar-height: 70px; - -$alert-low: #cccccc; +$alert-low: #ccc; $alert-medium: #4a6785; $alert-high: #ffd351; $alert-maximum: #d04437; @@ -63,7 +56,7 @@ body { margin: 0; font-size: 16px; line-height: 1.4; - font-family: "Open Sans", sans-serif; + font-family: 'Open Sans', sans-serif; letter-spacing: 0.03em; } @@ -124,6 +117,7 @@ body { &:active, &:focus { + &::placeholder { color: white; } @@ -141,6 +135,7 @@ body { cursor: pointer; &.yellow-border { + g { fill: $yellow; } @@ -194,9 +189,9 @@ body { .alerts-count { background-color: $red; - width: 0.8em; - height: 0.8em; - border-radius: 0.8em; + width: .8em; + height: .8em; + border-radius: .8em; position: absolute; top: 10px; right: 50px; @@ -286,7 +281,7 @@ body { #alert-nightly { display: none; - @media all and (max-width: 767px) { + @media all and (width <= 767px) { visibility: hidden; padding: 0; height: 0; @@ -303,7 +298,7 @@ body { overflow: hidden; // establish a new block formatting context // this is the width which comfortably fits a risk indicator and text content - @media (min-width: 40em) { + @media (width >= 40em) { padding: 0.5em 1em; } @@ -343,7 +338,7 @@ body { text-align: center; margin: 1em 0; - @media (min-width: 40em) { + @media (width >= 40em) { position: absolute; left: 1em; top: 1em; @@ -351,7 +346,7 @@ body { } span { - font-size: 0.8em; + font-size: .8em; } } @@ -359,15 +354,15 @@ body { margin: 1em 0; max-width: 60em; - @media (min-width: 40em) { + @media (width >= 40em) { margin: 1em auto; padding-left: 11em; /* always have space for abs pos risk indicator */ - padding-right: 11em; /* balance space on left*/ + padding-right: 11em; /* balance space on left */ } } .alert-message { - @media all and (max-width: 767px) { + @media all and (width <= 767px) { margin-bottom: 10px; } @@ -382,7 +377,7 @@ body { .closebtn { color: white; - opacity: 0.8; + opacity: .8; font-size: 2em; line-height: 20px; cursor: pointer; @@ -427,6 +422,7 @@ body { } .alert[data-loading] { + .loading-indicator { display: block; } @@ -441,7 +437,7 @@ body { } .btn-alert { - padding: 0.5em 1em; + padding: .5em 1em; background: white; border: 1px solid black; font-family: inherit; @@ -449,7 +445,7 @@ body { color: black; text-decoration: none; border-radius: 1.5em; - margin: 0.5em; + margin: .5em; transition: background-color 0.2s ease-in-out; &:first-of-type { @@ -474,7 +470,7 @@ body { svg { display: inline-block; vertical-align: middle; - margin-right: 0.5em; + margin-right: .5em; path { fill: #000; @@ -492,11 +488,10 @@ body { padding-left: 0; list-style: none; display: flex; - flex-direction: row; - flex-wrap: wrap; + flex-flow: row wrap; justify-content: center; - @media all and (max-width: 767px) { + @media all and (width <= 767px) { width: 100%; margin: auto; } @@ -527,18 +522,18 @@ body { .app-logo { background-color: white; - border: var(--logo-border) solid $lightgray; - padding: var(--logo-padding); - width: var(--logo-width); - height: var(--logo-width); + border: 1px solid $lightgray; + padding: 10px; + width: 130px; + height: 130px; display: table-cell; vertical-align: middle; img { display: block; margin: 0 auto; - max-width: calc(var(--logo-width) - 10px); - max-height: calc(var(--logo-width) - 10px); + max-width: 120px; + max-height: 120px; } &.yellow-border { @@ -549,19 +544,13 @@ body { .app-name { color: black; margin: 10px 0; - text-overflow: ellipsis; - white-space: nowrap; - overflow: hidden; - width: calc( - var(--logo-width) + (var(--logo-padding) * 2) + - (var(--logo-border) * 2) - ); } } } } .notifications { + h1 { color: black; display: inline-block; @@ -584,9 +573,9 @@ body { color: white; display: inline-block; font-weight: bold; - margin-left: 0.5em; + margin-left: .5em; text-align: center; - font-size: 0.875em; + font-size: .875em; line-height: 1.4; } } @@ -594,7 +583,7 @@ body { .alert-panel { background-color: white; box-shadow: 7px 7px 0 0 #d3d3d3; - margin: 0 auto 40px auto; + margin: 0 auto 40px; max-width: 100%; width: 775px; @@ -632,7 +621,7 @@ body { color: var(--alert-color); background-color: var(--alert-bg-color); padding: 5px 35px; - font-size: 0.875em; + font-size: .875em; } border-bottom: 4px solid var(--alert-bg-color); @@ -642,7 +631,7 @@ body { padding: 32px; .alert-datetime { - font-size: 0.9em; + font-size: .9em; } .alert-summary { @@ -671,8 +660,8 @@ body { margin: 30px 0 0 10px; text-transform: none; - @media all and (max-width: 543px) { - margin: 20px 0 0 0; + @media all and (width <= 543px) { + margin: 20px 0 0; } img { @@ -686,7 +675,7 @@ body { .alert-survey { border-top: 2px solid $darkgray; text-align: left; - font-size: 0.875em; + font-size: .875em; .notifications & { border-top-color: $bggray; @@ -700,7 +689,7 @@ body { margin: 0 auto; max-width: 30em; - @media (min-width: 50em) { + @media (width >= 50em) { padding-left: 14em; } @@ -712,7 +701,7 @@ body { legend { margin: 1em 0 0; - @media (min-width: 50em) { + @media (width >= 50em) { margin: 1.5em 0; position: absolute; left: 0; @@ -746,13 +735,13 @@ body { } &:first-of-type { - @media (min-width: 50em) { + @media (width >= 50em) { border-radius: 2em 0 0 2em; } } &:last-of-type { - @media (min-width: 50em) { + @media (width >= 50em) { border-radius: 0 2em 2em 0; } } @@ -760,10 +749,10 @@ body { } .alert-timing { - margin: 0.5em 0 1.5em; + margin: .5em 0 1.5em; time { - font-size: 0.75em; + font-size: .75em; } } @@ -778,7 +767,7 @@ body { .panel { background-color: white; - box-shadow: 5px 5px 0 0 rgba(217, 217, 217, 1); + box-shadow: 5px 5px 0 0 rgb(217 217 217 / 100%); margin-top: 100px; padding: 40px 60px; text-align: center; @@ -798,7 +787,7 @@ body { &.notice { font-style: italic; - font-size: 0.8em; + font-size: .8em; } } @@ -866,7 +855,7 @@ footer { width: 20px; margin-right: 10px; display: inline-block; - opacity: 0.8; + opacity: .8; } a { @@ -909,6 +898,7 @@ footer { } &:last-child { + span { margin-bottom: 15px; } @@ -928,7 +918,7 @@ footer { color: $gray; img { - opacity: 0.3; + opacity: .3; } } @@ -976,7 +966,7 @@ footer { .panel { background-color: #f4f4f4; - box-shadow: 5px 5px 0 0 rgba(217, 217, 217, 1); + box-shadow: 5px 5px 0 0 rgb(217 217 217 / 100%); color: black; padding: 30px; position: relative; @@ -984,15 +974,15 @@ footer { width: 570px; max-width: 90%; - &:before { - content: " "; + &::before { + content: ' '; position: absolute; width: 0; height: 0; left: 30px; top: -40px; border: 25px solid; - border-color: transparent transparent #f4f4f4 transparent; + border-color: transparent transparent #f4f4f4; } h2 { @@ -1038,11 +1028,13 @@ footer { } .forbidden { + .panel { max-width: calc(100% - 60px); } .section { + .mui-btn { max-width: calc(100% - 100px); float: none; @@ -1056,9 +1048,12 @@ footer { } } -@media all and (max-width: 991px) { +@media all and (width <= 991px) { + .error-page { + .section { + .youtube { width: 340px; height: 191px; @@ -1067,17 +1062,20 @@ footer { } } -@media all and (max-width: 767px) { +@media all and (width <= 767px) { + .mui-appbar .filter .mui-textfield input { width: 240px; } .error-page { + .panel { max-width: calc(100% - 60px); } .section { + .mui-btn { max-width: calc(100% - 100px); float: none; @@ -1112,14 +1110,16 @@ footer { } } -@media all and (max-width: 543px) { +@media all and (width <= 543px) { $appbar-height: 80px; .mui-appbar { height: $appbar-height; &.menu-enabled { + > div { + &:first-child { width: 70px; } @@ -1179,7 +1179,7 @@ footer { display: inline-block; height: $appbar-height; width: $appbar-height; - background-image: url("../../img/search.svg"); + background-image: url('../../img/search.svg'); background-repeat: no-repeat; background-position: center center; background-size: 18px; @@ -1190,7 +1190,7 @@ footer { background-color: black; color: $lightgray; border-bottom: 1px solid black; - background-image: url("../../img/search-w.svg"); + background-image: url('../../img/search-w.svg'); } &.menu-enabled { @@ -1253,6 +1253,7 @@ footer { &:active, &:focus { + &::placeholder { color: black; } @@ -1269,6 +1270,7 @@ footer { padding: 10px; .app-grid { + .app-tile { margin: 10px; max-width: 122px; @@ -1288,6 +1290,7 @@ footer { } .logout { + .panel { margin-top: 20px; padding: 30px; @@ -1295,8 +1298,9 @@ footer { } footer { + .icon-container { - margin: 0.2em 1em; + margin: .2em 1em; .icon { display: flex; @@ -1322,9 +1326,12 @@ footer { } } -@media all and (max-width: 359px) { +@media all and (width <= 359px) { + .mui-appbar { + .menu { + &.enabled { width: 160px; From 301003f03df558c12fa58363f93ba15fb0a951c1 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 25 Jun 2023 01:02:13 -0400 Subject: [PATCH 140/141] Implement server-side sessions with redis --- clouddeploy/sso-dashboard-dev.template.yaml | 3 +++ clouddeploy/sso-dashboard-prod.template.yaml | 3 +++ .../sso-dashboard-staging.template.yaml | 3 +++ dashboard/app.py | 10 +++++++++ dashboard/config.py | 6 ++++- requirements.txt | 22 ++++++++++++++++++- 6 files changed, 45 insertions(+), 2 deletions(-) diff --git a/clouddeploy/sso-dashboard-dev.template.yaml b/clouddeploy/sso-dashboard-dev.template.yaml index 39b524fa..a4346895 100644 --- a/clouddeploy/sso-dashboard-dev.template.yaml +++ b/clouddeploy/sso-dashboard-dev.template.yaml @@ -27,6 +27,7 @@ spec: autoscaling.knative.dev/maxScale: '3' run.googleapis.com/cpu-throttling: 'false' run.googleapis.com/startup-cpu-boost: 'true' + run.googleapis.com/vpc-access-connector: 'redis-connector' spec: containers: - name: 'sso-dashboard' @@ -75,6 +76,8 @@ spec: value: sso-dashboard.configuration - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: SSO-DASHBOARD_REDIS_CONNECTOR + value: 10.182.16.6:6379 - name: AWS_DEFAULT_REGION value: us-west-2 - name: ENVIRONMENT diff --git a/clouddeploy/sso-dashboard-prod.template.yaml b/clouddeploy/sso-dashboard-prod.template.yaml index 2d20b009..8ec1e48b 100644 --- a/clouddeploy/sso-dashboard-prod.template.yaml +++ b/clouddeploy/sso-dashboard-prod.template.yaml @@ -27,6 +27,7 @@ spec: autoscaling.knative.dev/maxScale: '3' run.googleapis.com/cpu-throttling: 'false' run.googleapis.com/startup-cpu-boost: 'true' + run.googleapis.com/vpc-access-connector: 'redis-connector' spec: containers: - name: 'sso-dashboard' @@ -75,6 +76,8 @@ spec: value: sso-dashboard.configuration - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: SSO-DASHBOARD_REDIS_CONNECTOR + value: 10.182.16.6:6379 - name: AWS_DEFAULT_REGION value: us-west-2 - name: ENVIRONMENT diff --git a/clouddeploy/sso-dashboard-staging.template.yaml b/clouddeploy/sso-dashboard-staging.template.yaml index 1121150c..b2d5d069 100644 --- a/clouddeploy/sso-dashboard-staging.template.yaml +++ b/clouddeploy/sso-dashboard-staging.template.yaml @@ -27,6 +27,7 @@ spec: autoscaling.knative.dev/maxScale: '3' run.googleapis.com/cpu-throttling: 'false' run.googleapis.com/startup-cpu-boost: 'true' + run.googleapis.com/vpc-access-connector: 'redis-connector' spec: containers: - name: 'sso-dashboard' @@ -75,6 +76,8 @@ spec: value: sso-dashboard.configuration - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n" + - name: SSO-DASHBOARD_REDIS_CONNECTOR + value: 10.182.16.6:6379 - name: AWS_DEFAULT_REGION value: us-west-2 - name: ENVIRONMENT diff --git a/dashboard/app.py b/dashboard/app.py index 9dc8cf4c..d46d4c78 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -3,6 +3,7 @@ import logging.config import mimetypes import os +import redis import yaml from flask import Flask @@ -15,8 +16,12 @@ from flask_assets import Bundle from flask_assets import Environment +from flask_kvsession import KVSessionExtension from flask_talisman import Talisman +from simplekv.memory.redisstore import RedisStore +from simplekv.decorator import PrefixDecorator + from dashboard import oidc_auth from dashboard import config from dashboard import get_config @@ -52,6 +57,11 @@ app_list = S3Transfer(config.Config(app).settings) app_list.sync_config() +# Activate server-side redis sesssion KV +store = RedisStore(redis.StrictRedis(host=app.config["REDIS_CONNECTOR"])) +prefixed_store = PrefixDecorator(app.config["SERVER_NAME"] + "_", store) +KVSessionExtension(store, app) + assets = Environment(app) js = Bundle("js/base.js", filters="jsmin", output="js/gen/packed.js") assets.register("js_all", js) diff --git a/dashboard/config.py b/dashboard/config.py index 9cd3ddbb..5c357c64 100644 --- a/dashboard/config.py +++ b/dashboard/config.py @@ -1,5 +1,6 @@ """Configuration loader for different environments.""" import base64 +import datetime from dashboard import get_config CONFIG = get_config() @@ -23,7 +24,8 @@ class DefaultConfig(object): TESTING = bool(CONFIG("testing", namespace="sso-dashboard", default="False")) CSRF_ENABLED = bool(CONFIG("csrf_enabled", default="True")) PERMANENT_SESSION = bool(CONFIG("permanent_session", namespace="sso-dashboard", default="True")) - PERMANENT_SESSION_LIFETIME = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) + seconds = int(CONFIG("permanent_session_lifetime", namespace="sso-dashboard", default="86400")) + PERMANENT_SESSION_LIFETIME = datetime.timedelta(seconds=seconds) SESSION_COOKIE_SAMESITE = CONFIG("session_cookie_samesite", namespace="sso-dashboard", default="lax") SESSION_COOKIE_HTTPONLY = bool(CONFIG("session_cookie_httponly", namespace="sso-dashboard", default="True")) @@ -45,6 +47,8 @@ class DefaultConfig(object): PREFERRED_URL_SCHEME = CONFIG("preferred_url_scheme", namespace="sso-dashboard", default="https") + REDIS_CONNECTOR = CONFIG("redis_connector", namespace="sso-dashboard") + class OIDCConfig(object): """Convienience Object for returning required vars to flask.""" diff --git a/requirements.txt b/requirements.txt index dc48a990..e5c8efa7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,25 +1,34 @@ +async-timeout==4.0.2 Beaker==1.12.1 boto3==1.26.142 botocore==1.29.142 +cachetools==5.3.1 certifi==2023.5.7 cffi==1.15.1 +cfgv==3.3.1 +chardet==5.1.0 charset-normalizer==3.1.0 click==8.1.3 +colorama==0.4.6 configobj==5.0.8 cryptography==40.0.2 cssmin==0.2.0 defusedxml==0.7.1 +distlib==0.3.6 ecdsa==0.18.0 everett==3.2.0 Faker==18.9.0 +filelock==3.12.1 Flask==2.2.5 Flask-Assets==2.0 +Flask-KVSession==0.6.2 Flask-pyoidc==3.13.0 flask-talisman==1.0.0 future==0.18.3 gevent==22.10.2 greenlet==2.0.2 gunicorn==20.1.0 +identify==2.5.24 idna==3.4 importlib-metadata==6.6.0 importlib-resources==5.12.0 @@ -31,23 +40,34 @@ jsmin==3.0.1 Mako==1.2.4 MarkupSafe==2.1.2 moto==4.1.10 +nodeenv==1.8.0 oic==1.4.0 +packaging==23.1 +platformdirs==3.5.3 +pluggy==1.0.0 +pre-commit==2.21.0 pyasn1==0.5.0 pycparser==2.21 pycryptodomex==3.18.0 pyjwkest==1.4.2 pyOpenSSL==23.1.1 +pyproject_api==1.5.1 python-dateutil==2.8.2 python-jose==3.3.0 PyYAML==6.0 +redis==4.5.5 requests==2.31.0 responses==0.23.1 rsa==4.9 s3transfer==0.6.1 +simplekv==0.14.1 six==1.16.0 +tomli==2.0.1 +tox==4.6.0 types-PyYAML==6.0.12.10 -typing_extensions==4.6.2 +typing_extensions==4.6.3 urllib3==1.26.16 +virtualenv==20.23.0 webassets==2.0 Werkzeug==2.2.3 xmltodict==0.13.0 From 791258a36f857b9e097f1fa1ced8851ee1d35136 Mon Sep 17 00:00:00 2001 From: Jake Watkins Date: Sun, 25 Jun 2023 01:29:08 -0400 Subject: [PATCH 141/141] Properly split redis host and port string --- dashboard/app.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dashboard/app.py b/dashboard/app.py index d46d4c78..c1d84960 100644 --- a/dashboard/app.py +++ b/dashboard/app.py @@ -58,7 +58,8 @@ app_list.sync_config() # Activate server-side redis sesssion KV -store = RedisStore(redis.StrictRedis(host=app.config["REDIS_CONNECTOR"])) +redis_host, redis_port = app.config["REDIS_CONNECTOR"].split(":") +store = RedisStore(redis.StrictRedis(host=redis_host, port=redis_port)) prefixed_store = PrefixDecorator(app.config["SERVER_NAME"] + "_", store) KVSessionExtension(store, app)