Merge branch 'master' into cg_165642614_add_vault_to_compare_script

.circleci/config.yml

@@ -187,6 +187,7 @@ commands:
             LOGIN_GOV_MY_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:dod:mymovemillocal
             LOGIN_GOV_OFFICE_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:dod:officemovemillocal
             LOGIN_GOV_TSP_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:dod:tspmovemillocal
+            LOGIN_GOV_ADMIN_CLIENT_ID: urn:gov:gsa:openidconnect.profiles:sp:sso:dod:adminmovemillocal
             LOGIN_GOV_HOSTNAME: idp.int.identitysandbox.gov
             HERE_MAPS_GEOCODE_ENDPOINT: https://geocoder.cit.api.here.com/6.2/geocode.json
             HERE_MAPS_ROUTING_ENDPOINT: https://route.cit.api.here.com/routing/7.2/calculateroute.json

.envrc

@@ -47,6 +47,17 @@ check_required_variables() {
   fi
 }
 
+#############################
+# Load Secrets from Chamber #
+#############################
+
+# Loads secrets from chamber instead of requiring them to be listed in .envrc.local
+
+if [ -e .envrc.chamber ]; then
+  source_env .envrc.chamber
+else
+  log_status "Want to load secrets from chamber? 'cp .envrc.chamber.template .envrc.chamber'"
+fi
 
 #########################
 # Project Configuration #
@@ -84,9 +95,10 @@ export LOGIN_GOV_CALLBACK_PORT="3000"
 export LOGIN_GOV_MY_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:mymovemillocal"
 export LOGIN_GOV_OFFICE_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:officemovemillocal"
 export LOGIN_GOV_TSP_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:tspmovemillocal"
+export LOGIN_GOV_ADMIN_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:adminmovemillocal"
 export LOGIN_GOV_HOSTNAME="idp.int.identitysandbox.gov"
 
-require LOGIN_GOV_SECRET_KEY "See https://docs.google.com/document/d/148RzqgaQbhOxXd4z_xuj5Jz8JNETThrn7RVFmMqXFvk"
+require LOGIN_GOV_SECRET_KEY "See 'chamber read app-devlocal login_gov_secret_key' or https://docs.google.com/document/d/148RzqgaQbhOxXd4z_xuj5Jz8JNETThrn7RVFmMqXFvk"
 
 # JSON Web Token (JWT) config
 CLIENT_AUTH_SECRET_KEY=$(cat config/tls/devlocal-client_auth_secret.key)
@@ -105,8 +117,8 @@ export DOD_CA_PACKAGE="${MYMOVE_DIR}/config/tls/Certificates_PKCS7_v5.4_DoD.der.
 # MyMove client certificate
 # All of our DoD-signed certs are currently signed by DOD SW CA-54
 MOVE_MIL_DOD_CA_CERT=$(cat ${MYMOVE_DIR}/config/tls/dod-sw-ca-54.pem)
-require MOVE_MIL_DOD_TLS_CERT "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
-require MOVE_MIL_DOD_TLS_KEY "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
+require MOVE_MIL_DOD_TLS_CERT "See 'chamber read app-devlocal move_mil_dod_tls_cert' or https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
+require MOVE_MIL_DOD_TLS_KEY "See 'chamber read app-devlocal move_mil_dod_tls_key' or https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
 export MOVE_MIL_DOD_CA_CERT
 
 # Prevent user sessions from timing out
@@ -137,28 +149,24 @@ export AWS_S3_KEY_NAMESPACE=$USER
 export AWS_SES_DOMAIN="devlocal.dp3.us"
 export AWS_SES_REGION="us-west-2"
 
-# Bing MAPS API
-# export BING_MAPS_ENDPOINT="https://dev.virtualearth.net/REST/v1/Routes/Truck"
-# require BING_MAPS_KEY "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
-
 # HERE MAPS API
 export HERE_MAPS_GEOCODE_ENDPOINT="https://geocoder.cit.api.here.com/6.2/geocode.json"
 export HERE_MAPS_ROUTING_ENDPOINT="https://route.cit.api.here.com/routing/7.2/calculateroute.json"
-require HERE_MAPS_APP_ID "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
-require HERE_MAPS_APP_CODE "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
+require HERE_MAPS_APP_ID "See 'chamber read app-devlocal here_maps_app_id' or https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
+require HERE_MAPS_APP_CODE "See 'chamber read app-devlocal here_maps_app_code' or https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
 
 # Transcom ppp-infra repo path
 require PPP_INFRA_PATH "Set to your local checkout of https://github.com/transcom/ppp-infra (e.g., ~/your-personal-repo-directory/ppp-infra)."
 
 # GEX integration config
 export GEX_BASIC_AUTH_USERNAME="mymovet"
-require GEX_BASIC_AUTH_PASSWORD "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
+require GEX_BASIC_AUTH_PASSWORD "See 'chamber read app-devlocal gex_basic_auth_password' or https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
 export GEX_URL=""
 # To actually send the GEX request, replace url in envrc.local with the line below
 # export GEX_URL=https://gexweba.daas.dla.mil/msg_data/submit/
 
-require DPS_AUTH_SECRET_KEY "https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
-require DPS_AUTH_COOKIE_SECRET_KEY "https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
+require DPS_AUTH_SECRET_KEY "See 'chamber read app-devlocal dps_auth_secret_key' or https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
+require DPS_AUTH_COOKIE_SECRET_KEY "See 'chamber read app-devlocal dps_auth_cookie_secret_key' or https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
 export DPS_COOKIE_EXPIRES_IN_MINUTES="240"
 export HTTP_SDDC_PROTOCOL="http"
 export HTTP_SDDC_PORT="8080"
@@ -169,13 +177,13 @@ export DPS_COOKIE_NAME="DPSIVV"
 export IWS_RBS_HOST="pkict.dmdc.osd.mil"
 
 # Unsecured CSRF Auth Key, for local dev only
-require CSRF_AUTH_KEY "See https://docs.google.com/document/d/1DuWXZLFaW7FXvqh-PStqjZI40niEavXWS5PPtWPlK3w"
+require CSRF_AUTH_KEY "See 'chamber read app-devlocal csrf_auth_key' or https://docs.google.com/document/d/1DuWXZLFaW7FXvqh-PStqjZI40niEavXWS5PPtWPlK3w"
 
 # Always show Swagger UI in development
 export SERVE_SWAGGER_UI=true
 
 # EIA API Key (for fuel price data)
-require EIA_KEY "https://docs.google.com/document/d/1K1-xlYcZaS518PQiaB39gSvqz2tTo0W8eM0wImB7TcI"
+require EIA_KEY "See 'chamber read app-devlocal eia_key' or https://docs.google.com/document/d/1K1-xlYcZaS518PQiaB39gSvqz2tTo0W8eM0wImB7TcI"
 export EIA_URL="https://api.eia.gov/series/"
 
 ##############################################

.envrc.chamber.template

@@ -0,0 +1,17 @@
+#! /usr/bin/env bash
+
+#############################
+# Load Secrets from Chamber #
+#############################
+
+# Secrets should be stored in the corresponding Google Doc listed in the .envrc file.
+# Secrets should also be added to chamber with `chamber write app-devlocal lower_case_version secret_key`
+
+# This line grabs any available secrets in app-devlocal and adds them to the environment.
+# Lines that begin with `require ...` should still run to verify the secret is set.
+if ! AWS_VAULT_KEYCHAIN_NAME=login aws-vault exec transcom-ppp -- chamber list app-devlocal --retries=1 > /dev/null ; then
+  log_error "Unable to access app-devlocal variables with chamber."
+  log_error "Login to chamber with 'chamber list app-devlocal'."
+else
+  eval "$(AWS_VAULT_KEYCHAIN_NAME=login aws-vault exec transcom-ppp -- chamber env app-devlocal --retries=1)"
+fi

.gitignore

@@ -1,6 +1,8 @@
 *.swp
 
+# direnv
 .envrc.local
+.envrc.chamber
 
 # dependencies
 /vendor
@@ -61,6 +63,7 @@ yarn-error.log*
 public/swagger-ui/*
 !public/swagger-ui/api.html
 !public/swagger-ui/internal.html
+!public/swagger-ui/admin.html
 
 # Cypress integration tests
 cypress/videos

.pre-commit-config.yaml

@@ -58,29 +58,41 @@ repos:
     hooks:
       - id: swagger
         name: API Swagger
-        entry: bin/swagger validate swagger/api.yaml
+        entry: bin/swagger validate
         language: script
+        files: swagger/api.yaml
 
   - repo: local
     hooks:
       - id: swagger
         name: Internal Swagger
-        entry: bin/swagger validate swagger/internal.yaml
+        entry: bin/swagger validate
         language: script
+        files: swagger/internal.yaml
 
   - repo: local
     hooks:
       - id: swagger
         name: Orders Swagger
-        entry: bin/swagger validate swagger/orders.yaml
+        entry: bin/swagger validate
         language: script
+        files: swagger/orders.yaml
 
   - repo: local
     hooks:
     - id: swagger
       name: DPS Swagger
-      entry: bin/swagger validate swagger/dps.yaml
+      entry: bin/swagger validate
       language: script
+      files: swagger/dps.yaml
+
+  - repo: local
+    hooks:
+      - id: swagger
+        name: Admin Swagger
+        entry: bin/swagger validate
+        language: script
+        files: swagger/admin.yaml
 
   # Ensure markdown files have updated table of contents
   - repo: local

README.md

@@ -145,7 +145,7 @@ The following commands will get mymove running on your machine for the first tim
   * Ensure that `/usr/local/bin` comes before `/bin` on your `$PATH` by running `echo $PATH`. Modify your path by editing `~/.bashrc` or `~/.bash_profile` and changing the `PATH`.  Then source your profile with `source ~/.bashrc` or `~/.bash_profile` to ensure that your terminal has it.
 * Run `scripts/prereqs` and install everything it tells you to. _Do not configure PostgreSQL to automatically start at boot time or the DB commands will not work correctly!_
 * For managing local environment variables, we're using [direnv](https://direnv.net/). You need to [configure your shell to use it](https://direnv.net/). For bash, add the command `eval "$(direnv hook bash)"` to whichever file loads upon opening bash (likely `~./bash_profile`, though instructions say `~/.bashrc`).
-* Run `direnv allow` to load up the `.envrc` file. Add a `.envrc.local` file with any values it asks you to define.
+* Run `direnv allow` to load up the `.envrc` file. Add a `.envrc.local` file and add any values that the output asks you to define. Alternatively run `cp .envrc.chamber.template .envrc.chamber` to enable getting secret values from `chamber`.
 * Run `make deps`.
 * [EditorConfig](http://editorconfig.org/) allows us to manage editor configuration (like indent sizes,) with a [file](https://github.com/transcom/ppp/blob/master/.editorconfig) in the repo. Install the appropriate plugin in your editor to take advantage of that.
 * Run `pre-commit install` to install a pre-commit hook into `./git/hooks/pre-commit`.  This is different than `brew install pre-commit` and must be done so that the hook will check files you are about to commit to the repository.  Also, using this hook is much faster than attempting to create your own with `pre-commit run -a`.
@@ -228,7 +228,7 @@ Dependencies are managed by yarn. To add a new dependency, use `yarn add`
 
 ### Setup: S3
 
-If you want to develop against the live S3 service, you will need to configure the following values in your `.envrc`:
+If you want to develop against the live S3 service, you will need to configure the following values in your `.envrc.local`:
 
 ```text
 AWS_S3_BUCKET_NAME
@@ -273,6 +273,8 @@ In addition, internal services, i.e. endpoints only intended for use by the Reac
 
 The Orders Gateway's API is defined in the file `swagger/orders.yaml` and served at `/orders/v0/orders.yaml`.
 
+The Admin API is defined in the file `swagger/admin.yaml` and served at `/admin/v1/swagger.yaml`.
+
 You can view the API's documentation (powered by Swagger UI) at <http://localhost:3000/api/v1/docs> when a local server is running.
 
 ### Testing
@@ -365,9 +367,13 @@ In development, we use [direnv](https://direnv.net/) to setup environment variab
     # or
 
     # Specify that an environment variable must be defined in .envrc.local
-    require NEW_ENV_VAR "Look for info on this value in Google Drive"
+    require NEW_ENV_VAR "Look for info on this value in chamber and Google Drive"
     ```
 
+Required variables should be placed in google docs and linked in `.envrc`. The value should also be placed in `chamber`
+with `chamber write app-devlocal <key> <value>`. For long blocks of text like certificates you can write them with
+`echo "$LONG_VALUE" | chamber write app-devlocal <key> -`.
+
 For per-tier environment variables (that are not secret), simply add the variables to the relevant `config/env/[experimental|staging|prod].env` file with the format `NAME=VALUE` on each line.  Then add the relevant section to `config/app.container-definition.json`.  The deploy process uses Go's [template package](https://golang.org/pkg/text/template/) for rendering the container definition.  For example,
 
 ```bash

cmd/generate_test_data/main.go

@@ -65,7 +65,7 @@ func main() {
 		numShipments := 25
 		numShipmentOfferSplit := []int{15, 10}
 		// TSPs should never be able to see DRAFT or SUBMITTED or AWARDING shipments.
-		status := []models.ShipmentStatus{"AWARDED", "ACCEPTED", "APPROVED", "IN_TRANSIT", "DELIVERED", "COMPLETED"}
+		status := []models.ShipmentStatus{"AWARDED", "ACCEPTED", "APPROVED", "IN_TRANSIT", "DELIVERED"}
 		_, _, _, createShipmentOfferDataErr := testdatagen.CreateShipmentOfferData(db, numTspUsers, numShipments, numShipmentOfferSplit, status, models.SelectedMoveTypeHHG)
 		if createShipmentOfferDataErr != nil {
 			log.Panic(createShipmentOfferDataErr)

cmd/milmove/main.go

@@ -39,6 +39,7 @@ import (
 	"github.com/transcom/mymove/pkg/ecs"
 	ediinvoice "github.com/transcom/mymove/pkg/edi/invoice"
 	"github.com/transcom/mymove/pkg/handlers"
+	"github.com/transcom/mymove/pkg/handlers/adminapi"
 	"github.com/transcom/mymove/pkg/handlers/dpsapi"
 	"github.com/transcom/mymove/pkg/handlers/internalapi"
 	"github.com/transcom/mymove/pkg/handlers/ordersapi"
@@ -648,6 +649,22 @@ func serveFunction(cmd *cobra.Command, args []string) error {
 	internalAPIMux.Use(middleware.NoCache(logger))
 	internalAPIMux.Handle(pat.New("/*"), internalapi.NewInternalAPIHandler(handlerContext))
 
+	adminMux := goji.SubMux()
+	root.Handle(pat.New("/admin/v1/*"), adminMux)
+	adminMux.Handle(pat.Get("/swagger.yaml"), fileHandler(v.GetString(cli.AdminSwaggerFlag)))
+	if v.GetBool(cli.ServeSwaggerUIFlag) {
+		logger.Info("Admin API Swagger UI serving is enabled")
+		adminMux.Handle(pat.Get("/docs"), fileHandler(path.Join(build, "swagger-ui", "admin.html")))
+	} else {
+		adminMux.Handle(pat.Get("/docs"), http.NotFoundHandler())
+	}
+	// Mux for admin API that enforces auth
+	adminAPIMux := goji.SubMux()
+	adminMux.Handle(pat.New("/*"), adminAPIMux)
+	adminAPIMux.Use(userAuthMiddleware)
+	adminAPIMux.Use(middleware.NoCache(logger))
+	adminAPIMux.Handle(pat.New("/*"), adminapi.NewAdminAPIHandler(handlerContext))
+
 	authContext := authentication.NewAuthContext(logger, loginGovProvider, loginGovCallbackProtocol, loginGovCallbackPort)
 	authMux := goji.SubMux()
 	root.Handle(pat.New("/auth/*"), authMux)

cypress/integration/mymove/landingPages.js

@@ -72,12 +72,6 @@ describe('testing landing pages', function() {
     hhgDeliveredOrCompletedMoveSummary('3339dd2a-a23f-4967-a035-3bc9987c6848');
   });
 
-  // HHG: COMPLETED
-  it('tests completed HHG', function() {
-    // hhg@com.pleted
-    hhgDeliveredOrCompletedMoveSummary('4449dd2a-a23f-4967-a035-3bc9987c6848');
-  });
-
   // HHG: CANCELED
   it('tests canceled HHG', function() {
     // hhg@cancel.ed

cypress/integration/mymove/ppm.js

@@ -24,13 +24,6 @@ describe('completing the ppm flow', function() {
       .clear()
       .type('80913');
 
-    // same destination postal code and pickup postal code is not allowed
-    cy
-      .get('input[name="destination_postal_code"]')
-      .type('80913')
-      .blur();
-    cy.get('#destination_postal_code-error').should('exist');
-
     cy
       .get('input[name="destination_postal_code"]')
       .clear()
@@ -148,6 +141,57 @@ describe('completing the ppm flow', function() {
   });
 });
 
+describe('check invalid ppm inputs', () => {
+  it('doesnt allow SM to progress if dont have rate data for move dates + zips"', function() {
+    cy.signInAsUserPostRequest(milmoveAppName, '99360a51-8cfa-4e25-ae57-24e66077305f');
+
+    cy.contains('Continue Move Setup').click();
+    cy.location().should(loc => {
+      expect(loc.pathname).to.match(/^\/moves\/[^/]+\/ppm-start/);
+    });
+    cy.get('.wizard-header').should('not.exist');
+    cy
+      .get('input[name="original_move_date"]')
+      .first()
+      .type('6/3/2100{enter}');
+    cy
+      .get('input[name="pickup_postal_code"]')
+      .clear()
+      .type('80913');
+    cy.get('input[name="destination_postal_code"]').type('76127');
+    cy.nextPage();
+
+    cy.location().should(loc => {
+      expect(loc.pathname).to.match(/^\/moves\/[^/]+\/ppm-start/);
+    });
+    cy.get('#original_move_date-error').should('exist');
+  });
+
+  it('doesnt allow same origin and destination zip', function() {
+    cy.signInAsUserPostRequest(milmoveAppName, '99360a51-8cfa-4e25-ae57-24e66077305f');
+    cy.contains('Continue Move Setup').click();
+    cy.location().should(loc => {
+      expect(loc.pathname).to.match(/^\/moves\/[^/]+\/ppm-start/);
+    });
+    cy.get('.wizard-header').should('not.exist');
+    cy
+      .get('input[name="original_move_date"]')
+      .first()
+      .type('9/2/2018{enter}')
+      .blur();
+    cy
+      .get('input[name="pickup_postal_code"]')
+      .clear()
+      .type('80913');
+    cy
+      .get('input[name="destination_postal_code"]')
+      .type('80913')
+      .blur();
+
+    cy.get('#destination_postal_code-error').should('exist');
+  });
+});
+
 describe('editing ppm only move', () => {
   it('sees only details relevant to PPM only move', () => {
     cy.signInAsUserPostRequest(milmoveAppName, 'e10d5964-c070-49cb-9bd1-eaf9f7348eb6');

cypress/integration/office/officeUserHHG.js

@@ -12,9 +12,6 @@ describe('office user finds the shipment', function() {
   it('office user views delivered hhg moves in queue Delivered HHGs', function() {
     officeUserViewsDeliveredShipment();
   });
-  it('office user views completed hhg moves in queue Completed HHGs', function() {
-    officeUserViewsCompletedShipment();
-  });
   it('office user approves basics for move, cannot approve HHG shipment', function() {
     officeUserApprovesOnlyBasicsHHG();
   });
@@ -64,27 +61,6 @@ function officeUserViewsDeliveredShipment() {
   });
 }
 
-function officeUserViewsCompletedShipment() {
-  // Open new moves queue
-  cy.patientVisit('/queues/hhg_completed');
-  cy.location().should(loc => {
-    expect(loc.pathname).to.match(/^\/queues\/hhg_completed/);
-  });
-
-  // Find move (generated in e2ebasic.go) and open it
-  cy.selectQueueItemMoveLocator('NOCHKA');
-
-  cy.location().should(loc => {
-    expect(loc.pathname).to.match(/^\/queues\/new\/moves\/[^/]+\/basics/);
-  });
-
-  cy.get('[data-cy="hhg-tab"]').click();
-
-  cy.location().should(loc => {
-    expect(loc.pathname).to.match(/^\/queues\/new\/moves\/[^/]+\/hhg/);
-  });
-}
-
 function officeUserViewsAcceptedShipment() {
   // Open new moves queue
   cy.patientVisit('/queues/hhg_accepted');