Permit a specific CAC cert to read/write Navy Orders #1964

Merged
merged 1 commit into from Apr 4, 2019

jamesatheyDDS commented Apr 4, 2019

Description

This PR is a secure migration to permit a specific CAC certificate to read and write Navy Orders in the Orders API.

Reviewer Notes

The US Navy is not going to connect to the Orders Gateway directly in the near term. Instead, they are providing us flat-file exports from their orders database, and we run those flat-file exports through the Navy Orders Muncher (nom) which handles converting the flat file into the appropriate JSON structures and uploading them to the Orders API.

The Orders API uses client certificate authentication. Only certificates signed by a trusted CA (such as DISA) are allowed. As nom is a command-line tool run by a person, using that person's CAC as the certificate is a convenient way to permit a single trusted individual to upload Orders.

Once the Navy completes their integration between NSIPS and the Orders API, this CAC certificate should be removed.

Alternatively, if nom is integrated into MilMove and nom or the Orders API gains the ability to authenticate using login.gov, then we should use that instead for this particular Navy use case and remove this CAC certificate.

Code Review Verification Steps

  • Any new migrations/schema changes:
    • Follow our guidelines for zero-downtime deploys (see Zero-Downtime Deploys)
    • Have been communicated to #dp3-engineering
    • Secure migrations have been tested using scripts/run-prod-migrations
  • Request review from a member of a different team.
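
Added example, not part of this pull request or the project's code: a Go sketch of the two-layer check the description relies on, where a client certificate must both chain to a trusted CA and be individually allowlisted with per-certificate permissions. `Perms`, `Fingerprint`, `Authorize` and `Issue` are hypothetical names, and every certificate is constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Perms struct{ NavyRead, NavyWrite bool } // hypothetical permission record
// Fingerprint returns the hex SHA-256 digest of the certificate's DER encoding.
func Fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// Authorize requires a chain to a trusted CA and an allowlist entry for this exact certificate.
func Authorize(c *x509.Certificate, roots *x509.CertPool, allow map[string]Perms) (Perms, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Verify(opts); err != nil {
		return Perms{}, fmt.Errorf("issuer not trusted: %w", err)
	}
	if p, ok := allow[Fingerprint(c)]; ok {
		return p, nil
	}
	return Perms{}, fmt.Errorf("certificate %q is not on the allowlist", c.Subject.CommonName)
}

// Issue builds a constructed test certificate; a nil parent self-signs a CA.
func Issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func main() {
	ca, caKey := Issue("constructed trusted CA", nil, nil)
	nom, _ := Issue("constructed nom operator", ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(Authorize(nom, roots, map[string]Perms{Fingerprint(nom): {NavyRead: true, NavyWrite: true}}))
}
```

Removing the allowlist entry revokes that one certificate's access without touching the trusted CA set, which is the cleanup the description calls for once the temporary arrangement ends.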
chrisgilmerproj left a comment

⭐️ - I ran this locally and it worked for me.

codecov bot commented Apr 4, 2019

Codecov Report

Merging #1964 into master will decrease coverage by 0.17%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1964      +/-   ##
==========================================
- Coverage   60.83%   60.66%   -0.17%     
==========================================
  Files         192      193       +1     
  Lines       12225    12283      +58     
==========================================
+ Hits         7437     7451      +14     
- Misses       3909     3953      +44     
  Partials      879      879

@jamesatheyDDS jamesatheyDDS merged commit 1c6824b into master Apr 4, 2019

18 of 19 checks passed

@jamesatheyDDS jamesatheyDDS deleted the james-cac-navy-orders branch Apr 4, 2019
