diff --git a/.circleci/config.yml b/.circleci/config.yml index 2ffebe32ed7..04448f118e5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1092,7 +1092,7 @@ commands: export MUTUAL_TLS_ENABLED=true export MUTUAL_TLS_PORT=9443 export SERVE_API_PRIME=true - export SERVE_API_PPTAS=true + make db_dev_create bin/milmove migrate # load tests do not need client files diff --git a/cmd/milmove/gen_certs_migration.go b/cmd/milmove/gen_certs_migration.go index a33be69f906..96a0e8befca 100644 --- a/cmd/milmove/gen_certs_migration.go +++ b/cmd/milmove/gen_certs_migration.go @@ -67,7 +67,6 @@ INSERT INTO public.client_certs ( user_id, allow_orders_api, allow_prime, - allow_pptas, created_at, updated_at, allow_air_force_orders_read, @@ -87,7 +86,6 @@ VALUES ( '{{.UserID}}', true, true, - false, now(), now(), true, diff --git a/cmd/pptas-api-client/main.go b/cmd/pptas-api-client/main.go deleted file mode 100644 index 96b04d0f81c..00000000000 --- a/cmd/pptas-api-client/main.go +++ /dev/null 
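Review bot: With `allow_pptas` removed from both the column list and the VALUES list of the generated INSERT in cmd/milmove/gen_certs_migration.go, nothing in a generated cert migration distinguishes PPTAS access from Prime access any more; elsewhere in this commit the PPTAS API's base path moves to `/prime/pptas`, so presumably every cert inserted with `allow_prime = true` now reaches the PPTAS endpoints (the routing and auth middleware are not in this diff, so this is inferred). If that widening is intended, a one-line comment above the template such as `// PPTAS access is implied by allow_prime; the allow_pptas column was dropped in 20240814144527_remove_allow_pptas_client.up.sql` would keep the next maintainer from re-adding the column. The same implicit coupling applies to the `ServePPTASFlag` removal in pkg/cli/services.go, where the PPTAS API can no longer be toggled independently of the Prime API per environment. The template string this hunk edits begins and ends outside the hunk.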
@@ -1,50 +0,0 @@ -package main - -import ( - "time" - - "github.com/spf13/cobra" - "github.com/spf13/pflag" - - "github.com/transcom/mymove/cmd/pptas-api-client/pptas" - "github.com/transcom/mymove/cmd/pptas-api-client/utils" - "github.com/transcom/mymove/pkg/cli" -) - -// initRootFlags initializes flags relating to the prime api -func initRootFlags(flag *pflag.FlagSet) { - cli.InitCACFlags(flag) - cli.InitLoggingFlags(flag) - - flag.String(utils.CertPathFlag, "./config/tls/devlocal-mtls.cer", "Path to the public cert") - flag.String(utils.KeyPathFlag, "./config/tls/devlocal-mtls.key", "Path to the private key") - flag.String(utils.HostnameFlag, cli.HTTPPrimeServerNameLocal, "The hostname to connect to") - flag.Int(utils.PortFlag, cli.MutualTLSPort, "The port to connect to") - flag.Bool(utils.InsecureFlag, false, "Skip TLS verification and validation") - flag.String(utils.FilenameFlag, "", "The name of the file being passed in") - flag.String(utils.IDFlag, "", "The UUID of the object being retrieved or updated") - flag.Duration(utils.WaitFlag, time.Second*80, "duration to wait for server to respond") -} - -func main() { - root := cobra.Command{ - Use: "prime-api-client [flags]", - Short: "Prime API client", - Long: "Prime API client", - } - initRootFlags(root.PersistentFlags()) - - listMovesCommand := &cobra.Command{ - Use: "list-moves", - Short: "An optimized fetch for all moves available to Prime", - Long: "Fetches moves that are available to Prime quickly, without all the data for nested objects.", - RunE: pptas.ListMoves, - SilenceUsage: true, - } - pptas.InitListMovesFlags(listMovesCommand.Flags()) - root.AddCommand(listMovesCommand) - - if err := root.Execute(); err != nil { - panic(err) - } -} diff --git a/cmd/pptas-api-client/pptas/list_moves.go b/cmd/pptas-api-client/pptas/list_moves.go deleted file mode 100644 index f5388e5c30d..00000000000 --- a/cmd/pptas-api-client/pptas/list_moves.go +++ /dev/null 
@@ -1,112 +0,0 @@ -package pptas - -import ( - "encoding/json" - "fmt" - "log" - "os" - "time" - - "github.com/go-openapi/strfmt" - "github.com/spf13/cobra" - "github.com/spf13/pflag" - "github.com/spf13/viper" - - "github.com/transcom/mymove/cmd/pptas-api-client/utils" - moves "github.com/transcom/mymove/pkg/gen/pptasclient/moves" - "github.com/transcom/mymove/pkg/gen/pptasmessages" -) - -// InitListMovesFlags declares which flags are enabled -func InitListMovesFlags(flag *pflag.FlagSet) { - flag.String(utils.SinceFlag, "", "Timestamp for filtering moves. Returns moves updated since this time.") - flag.SortFlags = false -} - -func checkListMovesConfig(v *viper.Viper, logger *log.Logger) error { - err := utils.CheckRootConfig(v) - if err != nil { - logger.Fatal(err) - } - - return nil -} - -// ListMoves creates a gateway and sends the request to the endpoint -func ListMoves(cmd *cobra.Command, args []string) error { - v := viper.New() - - //Create the logger - //Remove the prefix and any datetime data - logger := log.New(os.Stdout, "", log.LstdFlags) - - errParseFlags := utils.ParseFlags(cmd, v, args) - if errParseFlags != nil { - return errParseFlags - } - - // Check the config before talking to the CAC - err := checkListMovesConfig(v, logger) - if err != nil { - logger.Fatal(err) - } - - // Get the since param, if any - var params moves.ListMovesParams - since := v.GetString(utils.SinceFlag) - if since != "" { - sinceDateTime, sinceErr := strfmt.ParseDateTime(since) - if sinceErr != nil { - logger.Fatal(err) - } - params.SetSince(&sinceDateTime) - } - - primeGateway, cacStore, errCreateClient := utils.CreatePrimeClient(v) - if errCreateClient != nil { - return errCreateClient - } - // Defer closing the store until after the API call has completed - if cacStore != nil { - defer func() { - if closeErr := cacStore.Close(); closeErr != nil { - logger.Fatal(closeErr) - } - }() - } - - startTime := time.Now() - - // this wait retry logic would need to be replicated to 
all - // commands, so start with list moves for now - wait := v.GetDuration(utils.WaitFlag) - params.SetTimeout(wait) - var payload pptasmessages.ListMoves - // loop until we either time out or get a successful response - for { - resp, err := primeGateway.Moves.ListMoves(¶ms) - if err != nil { - currentTime := time.Now() - if currentTime.Sub(startTime) > wait { - // the request timed out, so return the error - return utils.HandleGatewayError(err, logger) - } - logger.Printf("Problem with request: %s, Sleeping 1s\n", err) - time.Sleep(1 * time.Second) - } else { - payload = resp.GetPayload() - if payload != nil { - payload, errJSONMarshall := json.Marshal(payload) - if errJSONMarshall != nil { - logger.Fatal(errJSONMarshall) - } - fmt.Println(string(payload)) - } else { - logger.Fatal(resp.Error()) - } - - return nil - } - } - -} diff --git a/cmd/pptas-api-client/utils/connection.go b/cmd/pptas-api-client/utils/connection.go deleted file mode 100644 index fcc149ef84e..00000000000 --- a/cmd/pptas-api-client/utils/connection.go +++ /dev/null 
@@ -1,239 +0,0 @@ -package utils - -import ( - "crypto/tls" - "fmt" - "log" - "net/http" - - runtimeClient "github.com/go-openapi/runtime/client" - "github.com/spf13/viper" - "pault.ag/go/pksigner" - - "github.com/transcom/mymove/pkg/cli" - pptasClient "github.com/transcom/mymove/pkg/gen/pptasclient" -) - -// CreatePrimeClientWithCACStoreParam creates the prime api client -// #nosec G402 -func CreatePrimeClientWithCACStoreParam(v *viper.Viper, store *pksigner.Store) (*pptasClient.Mymove, *pksigner.Store, error) { - - // Use command line inputs - hostname := v.GetString(HostnameFlag) - port := v.GetInt(PortFlag) - insecure := v.GetBool(InsecureFlag) - - var httpClient *http.Client - - // The client certificate comes from a smart card - //var store *pksigner.Store - if v.GetBool(cli.CACFlag) { - /* TODO how to check if logged in already?? - var errCACStoreLogin error - store, errCACStoreLogin = cli.CACStoreLogin(v, store) - if errCACStoreLogin != nil { - log.Fatal(errCACStoreLogin) - } - */ - cert, errTLSCert := store.TLSCertificate() - if errTLSCert != nil { - fmt.Printf("\n\nstore.TLSCertificate() failed with: [%s]\n\n", errTLSCert.Error()) - log.Fatal(errTLSCert) - } - - // must explicitly state what signature algorithms we allow as of Go 1.14 to disable RSA-PSS signatures - cert.SupportedSignatureAlgorithms = []tls.SignatureScheme{tls.PKCS1WithSHA256} - - //RA Summary: gosec - G402 - Look for bad TLS connection settings - //RA: The linter is flagging this line of code because we are passing in a boolean value which can set InsecureSkipVerify to true. - //RA: In production, the value of this flag is always false. 
We are, however, using - //RA: this flag during local development to test the Prime API as further specified in the following docs: - //RA: * https://github.com/transcom/prime_api_deliverable/wiki/Getting-Started#run-prime-api-client - //RA: * https://transcom.github.io/mymove-docs/docs/dev/getting-started/How-to-Test-the-Prime-API - //RA Developer Status: Mitigated - //RA Validator Status: Mitigated - //RA Modified Severity: CAT III - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{*cert}, - //nolint:gosec // G402 - InsecureSkipVerify: insecure, - MinVersion: tls.VersionTLS12, - MaxVersion: tls.VersionTLS12, - } - transport := &http.Transport{ - TLSClientConfig: tlsConfig, - } - httpClient = &http.Client{ - Transport: transport, - } - } else if !v.GetBool(cli.CACFlag) { - certPath := v.GetString(CertPathFlag) - keyPath := v.GetString(KeyPathFlag) - - var errRuntimeClientTLS error - httpClient, errRuntimeClientTLS = runtimeClient.TLSClient(runtimeClient.TLSClientOptions{ - Key: keyPath, - Certificate: certPath, - InsecureSkipVerify: insecure}) - if errRuntimeClientTLS != nil { - log.Fatal(errRuntimeClientTLS) - } - } - - verbose := cli.LogLevelIsDebug(v) - hostWithPort := fmt.Sprintf("%s:%d", hostname, port) - myRuntime := runtimeClient.NewWithClient(hostWithPort, pptasClient.DefaultBasePath, []string{"https"}, httpClient) - myRuntime.EnableConnectionReuse() - myRuntime.SetDebug(verbose) - - primeGateway := pptasClient.New(myRuntime, nil) - - return primeGateway, store, nil -} - -// CreatePrimeClient creates the prime api client -// #nosec G402 -func CreatePrimeClient(v *viper.Viper) (*pptasClient.Mymove, *pksigner.Store, error) { - - // Use command line inputs - hostname := v.GetString(HostnameFlag) - port := v.GetInt(PortFlag) - insecure := v.GetBool(InsecureFlag) - - var httpClient *http.Client - - // The client certificate comes from a smart card - var store *pksigner.Store - if v.GetBool(cli.CACFlag) { - var errGetCACStore error - store, 
errGetCACStore = cli.GetCACStore(v) - if errGetCACStore != nil { - log.Fatal(errGetCACStore) - } - cert, errTLSCert := store.TLSCertificate() - if errTLSCert != nil { - log.Fatal(errTLSCert) - } - - // must explicitly state what signature algorithms we allow as of Go 1.14 to disable RSA-PSS signatures - cert.SupportedSignatureAlgorithms = []tls.SignatureScheme{tls.PKCS1WithSHA256} - - //RA Summary: gosec - G402 - Look for bad TLS connection settings - //RA: The linter is flagging this line of code because we are passing in a boolean value which can set InsecureSkipVerify to true. - //RA: In production, the value of this flag is always false. We are, however, using - //RA: this flag during local development to test the Prime API as further specified in the following docs: - //RA: * https://github.com/transcom/prime_api_deliverable/wiki/Getting-Started#run-prime-api-client - //RA: * https://transcom.github.io/mymove-docs/docs/dev/getting-started/How-to-Test-the-Prime-API - //RA Developer Status: Mitigated - //RA Validator Status: Mitigated - //RA Modified Severity: CAT III - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{*cert}, - //nolint:gosec //G402 - InsecureSkipVerify: insecure, - MinVersion: tls.VersionTLS12, - MaxVersion: tls.VersionTLS12, - } - transport := &http.Transport{ - TLSClientConfig: tlsConfig, - } - httpClient = &http.Client{ - Transport: transport, - } - } else if !v.GetBool(cli.CACFlag) { - certPath := v.GetString(CertPathFlag) - keyPath := v.GetString(KeyPathFlag) - - var errRuntimeClientTLS error - httpClient, errRuntimeClientTLS = runtimeClient.TLSClient(runtimeClient.TLSClientOptions{ - Key: keyPath, - Certificate: certPath, - InsecureSkipVerify: insecure}) - if errRuntimeClientTLS != nil { - log.Fatal(errRuntimeClientTLS) - } - } - - verbose := cli.LogLevelIsDebug(v) - hostWithPort := fmt.Sprintf("%s:%d", hostname, port) - myRuntime := runtimeClient.NewWithClient(hostWithPort, pptasClient.DefaultBasePath, []string{"https"}, 
httpClient) - myRuntime.EnableConnectionReuse() - myRuntime.SetDebug(verbose) - - primeGateway := pptasClient.New(myRuntime, nil) - - return primeGateway, store, nil -} - -// CreateSupportClient creates the support api client -func CreateSupportClient(v *viper.Viper) (*pptasClient.Mymove, *pksigner.Store, error) { - - // Use command line inputs - hostname := v.GetString(HostnameFlag) - port := v.GetInt(PortFlag) - insecure := v.GetBool(InsecureFlag) - - var httpClient *http.Client - - // The client certificate comes from a smart card - var store *pksigner.Store - if v.GetBool(cli.CACFlag) { - var errGetCACStore error - store, errGetCACStore = cli.GetCACStore(v) - if errGetCACStore != nil { - log.Fatal(errGetCACStore) - } - cert, errTLSCert := store.TLSCertificate() - if errTLSCert != nil { - log.Fatal(errTLSCert) - } - - // must explicitly state what signature algorithms we allow as of Go 1.14 to disable RSA-PSS signatures - cert.SupportedSignatureAlgorithms = []tls.SignatureScheme{tls.PKCS1WithSHA256} - - //RA Summary: gosec - G402 - Look for bad TLS connection settings - //RA: The linter is flagging this line of code because we are passing in a boolean value which can set InsecureSkipVerify to true. - //RA: In production, the value of this flag is always false. 
We are, however, using - //RA: this flag during local development to test the Prime API as further specified in the following docs: - //RA: * https://github.com/transcom/prime_api_deliverable/wiki/Getting-Started#run-prime-api-client - //RA: * https://transcom.github.io/mymove-docs/docs/dev/getting-started/How-to-Test-the-Prime-API - //RA Developer Status: Mitigated - //RA Validator Status: Mitigated - //RA Modified Severity: CAT III - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{*cert}, - //nolint:gosec //G402 - InsecureSkipVerify: insecure, - MinVersion: tls.VersionTLS12, - MaxVersion: tls.VersionTLS12, - } - transport := &http.Transport{ - TLSClientConfig: tlsConfig, - } - httpClient = &http.Client{ - Transport: transport, - } - } else if !v.GetBool(cli.CACFlag) { - certPath := v.GetString(CertPathFlag) - keyPath := v.GetString(KeyPathFlag) - - var errRuntimeClientTLS error - httpClient, errRuntimeClientTLS = runtimeClient.TLSClient(runtimeClient.TLSClientOptions{ - Key: keyPath, - Certificate: certPath, - InsecureSkipVerify: insecure}) - if errRuntimeClientTLS != nil { - log.Fatal(errRuntimeClientTLS) - } - } - - verbose := cli.LogLevelIsDebug(v) - hostWithPort := fmt.Sprintf("%s:%d", hostname, port) - myRuntime := runtimeClient.NewWithClient(hostWithPort, pptasClient.DefaultBasePath, []string{"https"}, httpClient) - myRuntime.EnableConnectionReuse() - myRuntime.SetDebug(verbose) - - supportGateway := pptasClient.New(myRuntime, nil) - - return supportGateway, store, nil -} diff --git a/cmd/pptas-api-client/utils/shared.go b/cmd/pptas-api-client/utils/shared.go deleted file mode 100644 index b9945f85687..00000000000 --- a/cmd/pptas-api-client/utils/shared.go +++ /dev/null 
@@ -1,144 +0,0 @@ -package utils - -import ( - "bufio" - "encoding/json" - "errors" - "fmt" - "log" - "net/url" - "os" - "path/filepath" - "strings" - - openapi "github.com/go-openapi/runtime" - "github.com/spf13/cobra" - "github.com/spf13/viper" - - "github.com/transcom/mymove/pkg/cli" -) - -const ( - // FilenameFlag is the name of the file being passed in - FilenameFlag string = "filename" - // IDFlag is the UUID of the object being retrieved - IDFlag string = "id" - // SinceFlag is the datetime for the `since` filter for fetching moves - SinceFlag string = "since" - // ETagFlag is the etag for the mto shipment being updated - ETagFlag string = "etag" - // PaymentRequestIDFlag is the payment request ID - PaymentRequestIDFlag string = "paymentRequestID" - // CertPathFlag is the path to the certificate to use for TLS - CertPathFlag string = "certpath" - // KeyPathFlag is the path to the key to use for TLS - KeyPathFlag string = "keypath" - // HostnameFlag is the hostname to connect to - HostnameFlag string = "hostname" - // PortFlag is the port to connect to - PortFlag string = "port" - // InsecureFlag indicates that TLS verification and validation can be skipped - InsecureFlag string = "insecure" - // WaitFlag is how long to wait for the server to respond. 
The - // string is parsed by https://pkg.go.dev/time#ParseDuration - WaitFlag string = "wait" -) - -// ParseFlags parses the command line flags -func ParseFlags(cmd *cobra.Command, v *viper.Viper, args []string) error { - - errParseFlags := cmd.ParseFlags(args) - if errParseFlags != nil { - return fmt.Errorf("could not parse args: %w", errParseFlags) - } - flags := cmd.Flags() - errBindPFlags := v.BindPFlags(flags) - if errBindPFlags != nil { - return fmt.Errorf("could not bind flags: %w", errBindPFlags) - } - v.SetEnvKeyReplacer(strings.NewReplacer("-", "_")) - v.AutomaticEnv() - return nil -} - -// ContainsDash returns true if the original command included an empty dash -func ContainsDash(args []string) bool { - for _, arg := range args { - if arg == "-" { - return true - } - } - return false -} - -// CheckRootConfig checks the validity of the prime api flags -func CheckRootConfig(v *viper.Viper) error { - err := cli.CheckCAC(v) - if err != nil { - return err - } - - err = cli.CheckLogging(v) - if err != nil { - return err - } - - if (v.GetString(CertPathFlag) != "" && v.GetString(KeyPathFlag) == "") || (v.GetString(CertPathFlag) == "" && v.GetString(KeyPathFlag) != "") { - return fmt.Errorf("Both TLS certificate and key paths must be provided") - } - - return nil -} - -// DecodeJSONFileToPayload takes a filename, or stdin and decodes the file into -// the supplied json payload. -// If the filename is not supplied, the isStdin bool should be set to true to use stdin. 
-// If the file contains parameters that do not exist in the payload struct, it will fail with an error -// Otherwise it will populate the payload -func DecodeJSONFileToPayload(filename string, isStdin bool, payload interface{}) error { - var reader *bufio.Reader - if filename != "" { - file, err := os.Open(filepath.Clean(filename)) - if err != nil { - return fmt.Errorf("file open failed: %w", err) - } - reader = bufio.NewReader(file) - } else if isStdin { // Uses std in if "-"" is provided instead - reader = bufio.NewReader(os.Stdin) - } else { - return errors.New("no file input was found") - } - - jsonDecoder := json.NewDecoder(reader) - jsonDecoder.DisallowUnknownFields() - - // Read the json into the mto payload - err := jsonDecoder.Decode(payload) - if err != nil { - return fmt.Errorf("file decode failed: %w", err) - } - - return nil -} - -// HandleGatewayError handles errors returned by the gateway -func HandleGatewayError(err error, logger *log.Logger) error { - if _, ok := err.(*openapi.APIError); ok { - // If you see an error like "unknown error (status 422)", it means - // we hit a completely unhandled error that we should handle. - // We should be enabling said error in the endpoint in swagger. - // 422 for example is an Unprocessable Entity and is returned by the swagger - // validation before it even hits the handler. - apiErr := err.(*openapi.APIError).Response.(openapi.ClientResponse) - logger.Fatalf("%s: %s", err, apiErr.Message()) - - } else if typedErr, ok := err.(*url.Error); ok { - // If the server is not running you are likely to see a connection error - // This catches the error and prints a useful message. - logger.Fatalf("%s operation to %s failed, check if server is running : %s", typedErr.Op, typedErr.URL, typedErr.Err.Error()) - } - // If it is a handled error, we should be able to pull out the payload here - data, _ := json.Marshal(err) - fmt.Printf("%s", data) - return nil -} 
diff --git a/config/env/demo.app-client-tls.env b/config/env/demo.app-client-tls.env
index 2edf9a1ff3c..801e9b0e798 100644
--- a/config/env/demo.app-client-tls.env
+++ b/config/env/demo.app-client-tls.env
@@ -23,7 +23,6 @@ MUTUAL_TLS_ENABLED=true
 REDIS_ENABLED=false
 SERVE_ORDERS=true
 SERVE_API_PRIME=true
-SERVE_API_PPTAS=true
 SERVE_API_SUPPORT=true
 SERVE_SWAGGER_UI=false
 TELEMETRY_ENABLED=true
diff --git a/config/env/exp.app-client-tls.env b/config/env/exp.app-client-tls.env
index c846facedd2..f4842398c23 100644
--- a/config/env/exp.app-client-tls.env
+++ b/config/env/exp.app-client-tls.env
@@ -23,7 +23,6 @@ MUTUAL_TLS_ENABLED=true
 REDIS_ENABLED=false
 SERVE_ORDERS=true
 SERVE_API_PRIME=true
-SERVE_API_PPTAS=true
 SERVE_API_SUPPORT=true
 SERVE_SWAGGER_UI=false
 TLS_ENABLED=true
diff --git a/config/env/loadtest.app-client-tls.env b/config/env/loadtest.app-client-tls.env
index 8df8a3b981e..617e30d6337 100644
--- a/config/env/loadtest.app-client-tls.env
+++ b/config/env/loadtest.app-client-tls.env
@@ -21,7 +21,6 @@ MUTUAL_TLS_ENABLED=true
 REDIS_ENABLED=false
 SERVE_ORDERS=true
 SERVE_API_PRIME=true
-SERVE_API_PPTAS=true
 SERVE_API_SUPPORT=true
 SERVE_SWAGGER_UI=false
 TELEMETRY_ENABLED=true
diff --git a/config/env/prd.app-client-tls.env b/config/env/prd.app-client-tls.env
index df3440a76f3..c2f5a3b9f0f 100644
--- a/config/env/prd.app-client-tls.env
+++ b/config/env/prd.app-client-tls.env
@@ -20,7 +20,6 @@ MUTUAL_TLS_ENABLED=true
 REDIS_ENABLED=false
 SERVE_ORDERS=true
 SERVE_API_PRIME=true
-SERVE_API_PPTAS=true
 SERVE_API_SUPPORT=false
 SERVE_SWAGGER_UI=false
 TELEMETRY_ENABLED=true
diff --git a/config/env/review.app.env b/config/env/review.app.env
index 0e87bb2b912..708f7aa36a0 100644
--- a/config/env/review.app.env
+++ b/config/env/review.app.env
@@ -25,7 +25,6 @@ SERVE_ADMIN=true
 SERVE_API_GHC=true
 SERVE_API_INTERNAL=true
 SERVE_API_PRIME=true
-SERVE_API_PPTAS=true
 SERVE_API_SUPPORT=true
 SERVE_SWAGGER_UI=true
 SERVE_PRIME_SIMULATOR=true
diff --git a/config/env/stg.app-client-tls.env b/config/env/stg.app-client-tls.env index 19a8a891ea3..dd5b10a4138 100644 --- a/config/env/stg.app-client-tls.env +++ b/config/env/stg.app-client-tls.env @@ -22,7 +22,6 @@ MUTUAL_TLS_ENABLED=true REDIS_ENABLED=false SERVE_ORDERS=true SERVE_API_PRIME=true -SERVE_API_PPTAS=true SERVE_API_SUPPORT=true SERVE_SWAGGER_UI=false TELEMETRY_ENABLED=true diff --git a/docker-compose.local.yml b/docker-compose.local.yml index b8b15fa9974..e43a217bcf0 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -112,7 +112,6 @@ services: - SERVE_API_GHC=true - SERVE_API_INTERNAL=true - SERVE_API_PRIME=false - - SERVE_API_PPTAS=true - SERVE_API_SUPPORT=false - STORAGE_BACKEND=local - TLS_ENABLED=1 diff --git a/docker-compose.mtls.yml b/docker-compose.mtls.yml index 45fbac1652f..e9cad7f05b7 100644 --- a/docker-compose.mtls.yml +++ b/docker-compose.mtls.yml @@ -70,7 +70,6 @@ services: - PGPASSWORD=mysecretpassword - REDIS_ENABLED=false - SERVE_API_PRIME=true - - SERVE_API_PPTAS=true - SERVE_API_SUPPORT=true - STORAGE_BACKEND=local - TZ=UTC diff --git a/docker-compose.mtls_local.yml b/docker-compose.mtls_local.yml index f1bed2995c5..d4a723f2f46 100644 --- a/docker-compose.mtls_local.yml +++ b/docker-compose.mtls_local.yml @@ -88,7 +88,6 @@ services: - PGPASSWORD=mysecretpassword - REDIS_ENABLED=false - SERVE_API_PRIME=true - - SERVE_API_PPTAS=true - SERVE_API_SUPPORT=true - STORAGE_BACKEND=local - TZ=UTC diff --git a/docker-compose.prime.yml b/docker-compose.prime.yml index 815b9885512..00ddb359c9c 100644 --- a/docker-compose.prime.yml +++ b/docker-compose.prime.yml @@ -102,7 +102,6 @@ services: - SERVE_API_GHC=true - SERVE_API_INTERNAL=true - SERVE_API_PRIME=true - - SERVE_API_PPTAS=true - SERVE_API_SUPPORT=true - STORAGE_BACKEND=local - TZ=UTC diff --git a/docker-compose.yml b/docker-compose.yml index e05e6ca9995..815e316a5ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -104,7 +104,6 @@ services: - SERVE_API_GHC=true - SERVE_API_INTERNAL=true - SERVE_API_PRIME=false - - SERVE_API_PPTAS=true - SERVE_API_SUPPORT=false - SERVE_PRIME_SIMULATOR=true - STORAGE_BACKEND=local diff --git a/migrations/app/migrations_manifest.txt b/migrations/app/migrations_manifest.txt index a3521891c30..1e47d58801f 100644 --- a/migrations/app/migrations_manifest.txt +++ b/migrations/app/migrations_manifest.txt @@ -974,3 +974,4 @@ 20240730161630_remove-boat-shipments-index.up.sql 20240801135811_create_mobile_home.up.sql 20240801135833_alter_mto_shipment_type_motorhome.up.sql +20240814144527_remove_allow_pptas_client.up.sql diff --git a/migrations/app/schema/20240607134224_allow_pptas_client.up.sql b/migrations/app/schema/20240607134224_allow_pptas_client.up.sql index 54c71fd9690..f1a5443d13e 100644 --- a/migrations/app/schema/20240607134224_allow_pptas_client.up.sql +++ b/migrations/app/schema/20240607134224_allow_pptas_client.up.sql @@ -1,3 +1,3 @@ ALTER TABLE client_certs ADD COLUMN IF NOT EXISTS allow_pptas bool DEFAULT false NOT NULL; -COMMENT ON COLUMN client_certs.allow_pptas IS 'Indicates whether or not the cert grants access to the PPTAS API'; +COMMENT ON COLUMN client_certs.allow_pptas IS 'Indicates whether or not the cert grants access to the PPTAS API'; \ No newline at end of file diff --git a/migrations/app/schema/20240814144527_remove_allow_pptas_client.up.sql b/migrations/app/schema/20240814144527_remove_allow_pptas_client.up.sql new file mode 100644 index 00000000000..5c228372005 --- /dev/null +++ b/migrations/app/schema/20240814144527_remove_allow_pptas_client.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE client_certs + DROP COLUMN allow_pptas; \ No newline at end of file diff --git a/migrations/app/secure/20240729162353_joseph_doye_cn_cac.up.sql b/migrations/app/secure/20240729162353_joseph_doye_cn_cac.up.sql index d487c209eaf..834a4aab223 100644 --- a/migrations/app/secure/20240729162353_joseph_doye_cn_cac.up.sql 
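Review bot: `DROP COLUMN allow_pptas` in the new 20240814144527_remove_allow_pptas_client.up.sql carries no `IF EXISTS`, while the column was added in 20240607134224_allow_pptas_client.up.sql with `ADD COLUMN IF NOT EXISTS`; for symmetry and for databases where the add never ran, `ALTER TABLE client_certs DROP COLUMN IF EXISTS allow_pptas;` is the safer form. Separately, if migrations are applied before the new binary has fully rolled out, any still-running older instance that reads `client_certs` with the old model will hit the missing column until the rollout completes; dropping the column in a release after the code removal avoids that window, if the deploy order here is indeed migrate-then-roll. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.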
+++ b/migrations/app/secure/20240729162353_joseph_doye_cn_cac.up.sql @@ -5,10 +5,6 @@ -- Using a person's CAC as the certificate is a convenient way to permit a -- single trusted individual to interact with the Orders API and the Prime API. Eventually -- this CAC certificate should be removed. -DELETE FROM client_certs WHERE user_id = '545f3a07-76dd-4c62-8541-0353cb507d17'; -DELETE FROM users_roles WHERE user_id = '545f3a07-76dd-4c62-8541-0353cb507d17'; -DELETE FROM users WHERE id = '545f3a07-76dd-4c62-8541-0353cb507d17'; - INSERT INTO users ( id, okta_email, @@ -27,7 +23,7 @@ INSERT INTO users_roles ( created_at, updated_at) VALUES ( - '545f3a07-76dd-4c62-8541-0353cb507d17', + uuid_generate_v4(), (SELECT id FROM roles WHERE role_type = 'prime'), '545f3a07-76dd-4c62-8541-0353cb507d17', now(), diff --git a/migrations/app/secure/20240729164930_mai_do_cac.up.sql b/migrations/app/secure/20240729164930_mai_do_cac.up.sql index 6fe8b69d5e1..3989bd2bcff 100644 --- a/migrations/app/secure/20240729164930_mai_do_cac.up.sql +++ b/migrations/app/secure/20240729164930_mai_do_cac.up.sql @@ -5,10 +5,6 @@ -- Using a person's CAC as the certificate is a convenient way to permit a -- single trusted individual to interact with the Orders API and the Prime API. Eventually -- this CAC certificate should be removed. -DELETE FROM client_certs WHERE user_id = 'b64ad6b2-3229-4204-9d21-8031988caf60'; -DELETE FROM users_roles WHERE user_id = 'b64ad6b2-3229-4204-9d21-8031988caf60'; -DELETE FROM users WHERE id = 'b64ad6b2-3229-4204-9d21-8031988caf60'; - INSERT INTO users ( id, okta_email, @@ -27,7 +23,7 @@ INSERT INTO users_roles ( created_at, updated_at) VALUES ( - 'b64ad6b2-3229-4204-9d21-8031988caf60', + uuid_generate_v4(), (SELECT id FROM roles WHERE role_type = 'prime'), 'b64ad6b2-3229-4204-9d21-8031988caf60', now(), diff --git a/pkg/cli/hosts.go b/pkg/cli/hosts.go index c8acf9720b3..a2ae02db622 100644 --- a/pkg/cli/hosts.go +++ b/pkg/cli/hosts.go 
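Review bot: Removing the three `DELETE` statements makes this secure migration, and the same edit in 20240729164930_mai_do_cac.up.sql, non-rerunnable: the `INSERT INTO users` that follows presumably uses the fixed id `545f3a07-76dd-4c62-8541-0353cb507d17` (the `users_roles` insert references it as user_id), so where that row already exists — for example an environment that ran the earlier version of this file — the insert will fail on the primary key, and the `users_roles` insert, now keyed by `uuid_generate_v4()`, would otherwise add a second role row. Since both files keep their original timestamps, the edited versions will not run again where they already succeeded but will in environments that are behind, so the two paths diverge silently. Consider an explicit guard such as `ON CONFLICT (id) DO NOTHING` on the users insert, or a comment stating that these files are intended to run exactly once. Both INSERT statements continue outside the hunks.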
@@ -49,7 +49,6 @@ func InitHostFlags(flag *pflag.FlagSet) { flag.String(HTTPAdminServerNameFlag, HTTPAdminServerNameLocal, "Hostname according to environment.") flag.String(HTTPOrdersServerNameFlag, HTTPOrdersServerNameLocal, "Hostname according to environment.") flag.String(HTTPPrimeServerNameFlag, HTTPPrimeServerNameLocal, "Hostname according to environment.") - flag.String(HTTPPPTASServerNameFlag, HTTPPrimeServerNameLocal, "Hostname according to environment.") } // CheckHosts validates the Hosts command line flags @@ -61,7 +60,6 @@ func CheckHosts(v *viper.Viper) error { HTTPAdminServerNameFlag, HTTPOrdersServerNameFlag, HTTPPrimeServerNameFlag, - HTTPPPTASServerNameFlag, } for _, c := range hostVars { diff --git a/pkg/cli/services.go b/pkg/cli/services.go index 2653d1a8181..0efdcff646c 100644 --- a/pkg/cli/services.go +++ b/pkg/cli/services.go @@ -39,7 +39,6 @@ func InitServiceFlags(flag *pflag.FlagSet) { flag.Bool(ServeSupportFlag, false, "Enable the Support Service.") flag.Bool(ServePrimeSimulatorFlag, false, "Enable the Prime Simulator Service.") flag.Bool(ServeClientCollectorFlag, false, "Enable the Client Collector.") - flag.Bool(ServePPTASFlag, false, "Enable the PPTAS API Service.") } // CheckServices validates these lovely service flags @@ -50,7 +49,6 @@ func CheckServices(v *viper.Viper) error { ghcAPIEnabled := v.GetBool(ServeGHCFlag) primeAPIEnabled := v.GetBool(ServePrimeFlag) primeSimulatorEnabled := v.GetBool(ServePrimeSimulatorFlag) - pptasEnabled := v.GetBool(ServePPTASFlag) // Oops none of the flags used if (!adminEnabled) && @@ -58,8 +56,7 @@ func CheckServices(v *viper.Viper) error { (!internalAPIEnabled) && (!ghcAPIEnabled) && (!primeAPIEnabled) && - (!primeSimulatorEnabled) && - (!pptasEnabled) { + (!primeSimulatorEnabled) { return fmt.Errorf("no service was enabled") } diff --git a/pkg/factory/client_cert_factory.go b/pkg/factory/client_cert_factory.go index 3b687610157..c3fe0345490 100644 --- a/pkg/factory/client_cert_factory.go 
+++ b/pkg/factory/client_cert_factory.go @@ -23,7 +23,6 @@ func BuildClientCert(db *pop.Connection, customs []Customization, traits []Trait var cClientCert models.ClientCert // default to allowing prime defaultAllowPrime := true - defaultAllowPPTAS := true if result := findValidCustomization(customs, ClientCert); result != nil { cClientCert = result.Model.(models.ClientCert) if result.LinkOnly { @@ -32,7 +31,6 @@ func BuildClientCert(db *pop.Connection, customs []Customization, traits []Trait // if customization is provided, explicitly override it to // allow false to override true defaultAllowPrime = cClientCert.AllowPrime - defaultAllowPPTAS = cClientCert.AllowPPTAS } user := BuildUserAndUsersRoles(db, customs, traits) @@ -45,7 +43,6 @@ func BuildClientCert(db *pop.Connection, customs []Customization, traits []Trait Subject: "/C=US/ST=DC/L=Washington/O=Truss/OU=AppClientTLS/CN=factory-" + id.String(), UserID: user.ID, AllowPrime: defaultAllowPrime, - AllowPPTAS: defaultAllowPPTAS, } // Overwrite values with those from customizations @@ -96,7 +93,6 @@ func GetTraitClientCertDevlocal() []Customization { Sha256Digest: devlocalSha256Digest, Subject: devlocalSubject, AllowPrime: true, - AllowPPTAS: true, }, }, } diff --git a/pkg/gen/adminapi/embedded_spec.go b/pkg/gen/adminapi/embedded_spec.go index 6ac24797879..0200199cf88 100644 --- a/pkg/gen/adminapi/embedded_spec.go +++ b/pkg/gen/adminapi/embedded_spec.go @@ -2082,9 +2082,6 @@ func init() { "allowOrdersAPI": { "type": "boolean" }, - "allowPPTAS": { - "type": "boolean" - }, "allowPrime": { "type": "boolean" }, @@ -2159,9 +2156,6 @@ func init() { "allowOrdersAPI": { "type": "boolean" }, - "allowPPTAS": { - "type": "boolean" - }, "allowPrime": { "type": "boolean" }, @@ -2230,10 +2224,6 @@ func init() { "type": "boolean", "x-nullable": true }, - "allowPPTAS": { - "type": "boolean", - "x-nullable": true - }, "allowPrime": { "type": "boolean", "x-nullable": true 
@@ -5430,9 +5420,6 @@ func init() { "allowOrdersAPI": { "type": "boolean" }, - "allowPPTAS": { - "type": "boolean" - }, "allowPrime": { "type": "boolean" }, @@ -5507,9 +5494,6 @@ func init() { "allowOrdersAPI": { "type": "boolean" }, - "allowPPTAS": { - "type": "boolean" - }, "allowPrime": { "type": "boolean" }, @@ -5578,10 +5562,6 @@ func init() { "type": "boolean", "x-nullable": true }, - "allowPPTAS": { - "type": "boolean", - "x-nullable": true - }, "allowPrime": { "type": "boolean", "x-nullable": true diff --git a/pkg/gen/adminmessages/client_certificate.go b/pkg/gen/adminmessages/client_certificate.go index 4fc1291564a..ef91225f3c5 100644 --- a/pkg/gen/adminmessages/client_certificate.go +++ b/pkg/gen/adminmessages/client_certificate.go @@ -55,9 +55,6 @@ type ClientCertificate struct { // allow orders API AllowOrdersAPI bool `json:"allowOrdersAPI,omitempty"` - // allow p p t a s - AllowPPTAS bool `json:"allowPPTAS,omitempty"` - // allow prime AllowPrime bool `json:"allowPrime,omitempty"` diff --git a/pkg/gen/adminmessages/client_certificate_create.go b/pkg/gen/adminmessages/client_certificate_create.go index 6e26adec22b..e1a53c25547 100644 --- a/pkg/gen/adminmessages/client_certificate_create.go +++ b/pkg/gen/adminmessages/client_certificate_create.go @@ -52,9 +52,6 @@ type ClientCertificateCreate struct { // allow orders API AllowOrdersAPI bool `json:"allowOrdersAPI,omitempty"` - // allow p p t a s - AllowPPTAS bool `json:"allowPPTAS,omitempty"` - // allow prime AllowPrime bool `json:"allowPrime,omitempty"` diff --git a/pkg/gen/adminmessages/client_certificate_update.go b/pkg/gen/adminmessages/client_certificate_update.go index 1972a86fd54..027653a33c6 100644 --- a/pkg/gen/adminmessages/client_certificate_update.go +++ b/pkg/gen/adminmessages/client_certificate_update.go 
@@ -53,9 +53,6 @@ type ClientCertificateUpdate struct { // allow orders API AllowOrdersAPI *bool `json:"allowOrdersAPI,omitempty"` - // allow p p t a s - AllowPPTAS *bool `json:"allowPPTAS,omitempty"` - // allow prime AllowPrime *bool `json:"allowPrime,omitempty"` diff --git a/pkg/gen/pptasapi/doc.go b/pkg/gen/pptasapi/doc.go index cd2e2a8302e..f91069f2715 100644 --- a/pkg/gen/pptasapi/doc.go +++ b/pkg/gen/pptasapi/doc.go @@ -5,12 +5,12 @@ // The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request // information relating to current moves in progress. // -// All endpoints are located at `/pptas/v1`. +// All endpoints are located at `/prime/pptas/`. // // Schemes: // http // Host: primelocal -// BasePath: /pptas/v1 +// BasePath: /prime/pptas // Version: 0.0.1 // License: MIT https://opensource.org/licenses/MIT // Contact: diff --git a/pkg/gen/pptasapi/embedded_spec.go b/pkg/gen/pptasapi/embedded_spec.go index e887968b732..60509506328 100644 --- a/pkg/gen/pptasapi/embedded_spec.go +++ b/pkg/gen/pptasapi/embedded_spec.go @@ -29,7 +29,7 @@ func init() { ], "swagger": "2.0", "info": { - "description": "The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request\ninformation relating to current moves in progress.\n\nAll endpoints are located at ` + "`" + `/pptas/v1` + "`" + `.\n", + "description": "The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request\ninformation relating to current moves in progress.\n\nAll endpoints are located at ` + "`" + `/prime/pptas/` + "`" + `.\n", "title": "MilMove PPTAS API", "contact": { "email": "milmove-developers@caci.com" @@ -41,7 +41,7 @@ func init() { "version": "0.0.1" }, "host": "primelocal", - "basePath": "/pptas/v1", + "basePath": "/prime/pptas", "paths": { "/moves": { "get": { 
@@ -195,7 +195,7 @@ func init() { ], "swagger": "2.0", "info": { - "description": "The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request\ninformation relating to current moves in progress.\n\nAll endpoints are located at ` + "`" + `/pptas/v1` + "`" + `.\n", + "description": "The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request\ninformation relating to current moves in progress.\n\nAll endpoints are located at ` + "`" + `/prime/pptas/` + "`" + `.\n", "title": "MilMove PPTAS API", "contact": { "email": "milmove-developers@caci.com" @@ -207,7 +207,7 @@ func init() { "version": "0.0.1" }, "host": "primelocal", - "basePath": "/pptas/v1", + "basePath": "/prime/pptas", "paths": { "/moves": { "get": { diff --git a/pkg/gen/pptasapi/pptasoperations/moves/list_moves_urlbuilder.go b/pkg/gen/pptasapi/pptasoperations/moves/list_moves_urlbuilder.go index c6dc91a2b6c..2371770adb2 100644 --- a/pkg/gen/pptasapi/pptasoperations/moves/list_moves_urlbuilder.go +++ b/pkg/gen/pptasapi/pptasoperations/moves/list_moves_urlbuilder.go @@ -45,7 +45,7 @@ func (o *ListMovesURL) Build() (*url.URL, error) { _basePath := o._basePath if _basePath == "" { - _basePath = "/pptas/v1" + _basePath = "/prime/pptas" } _result.Path = golangswaggerpaths.Join(_basePath, _path) diff --git a/pkg/gen/pptasapi/pptasoperations/mymove_api.go b/pkg/gen/pptasapi/pptasoperations/mymove_api.go index 577f7da53a0..46b9e47ce95 100644 --- a/pkg/gen/pptasapi/pptasoperations/mymove_api.go +++ b/pkg/gen/pptasapi/pptasoperations/mymove_api.go @@ -54,7 +54,7 @@ func NewMymoveAPI(spec *loads.Document) *MymoveAPI { MymoveAPI The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request information relating to current moves in progress. -All endpoints are located at `/pptas/v1`. +All endpoints are located at `/prime/pptas/`. */ type MymoveAPI struct { spec *loads.Document 
diff --git a/pkg/gen/pptasclient/mymove_client.go b/pkg/gen/pptasclient/mymove_client.go
index 56d17bf1678..b8f9241d2f0 100644
--- a/pkg/gen/pptasclient/mymove_client.go
+++ b/pkg/gen/pptasclient/mymove_client.go
@@ -22,7 +22,7 @@ const ( DefaultHost string = "primelocal" // DefaultBasePath is the default BasePath // found in Meta (info) section of spec file - DefaultBasePath string = "/pptas/v1" + DefaultBasePath string = "/prime/pptas" ) // DefaultSchemes are the default schemes found in Meta (info) section of spec file
diff --git a/pkg/handlers/adminapi/client_certs.go b/pkg/handlers/adminapi/client_certs.go
index 4609ecc9c05..15bfa2fc5a3 100644
--- a/pkg/handlers/adminapi/client_certs.go
+++ b/pkg/handlers/adminapi/client_certs.go
@@ -38,7 +38,6 @@ func payloadForClientCertModel(o models.ClientCert) *adminmessages.ClientCertifi
 AllowNavyOrdersRead: o.AllowNavyOrdersRead,
 AllowNavyOrdersWrite: o.AllowNavyOrdersWrite,
 AllowPrime: o.AllowPrime,
- AllowPPTAS: o.AllowPPTAS,
 }
 return payload
 }
diff --git a/pkg/handlers/apitests.go b/pkg/handlers/apitests.go
index 9ae4dfc960c..bdea66989d8 100644
--- a/pkg/handlers/apitests.go
+++ b/pkg/handlers/apitests.go
@@ -51,7 +51,7 @@ func ApplicationTestServername() auth.ApplicationServername {
 OrdersServername: OrdersTestHost,
 AdminServername: AdminTestHost,
 PrimeServername: PrimeTestHost,
- PPTASServerName: PrimeTestHost,
+ PPTASServerName: PPTASTestHost,
 }
 }
 
diff --git a/pkg/handlers/authentication/auth.go b/pkg/handlers/authentication/auth.go
index 226cbe88e1a..671ab83ea12 100644
--- a/pkg/handlers/authentication/auth.go
+++ b/pkg/handlers/authentication/auth.go
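Review bot: `PPTASServerName` is repointed from `PrimeTestHost` to `PPTASTestHost` while the routing change in this commit mounts the PPTAS API inside the prime router at `/prime/pptas`; if `PPTASTestHost` (defined outside this hunk) names a different host than `PrimeTestHost`, tests that build requests from `AppNames().PPTASServerName` will be dispatched by the host router away from the `/prime/pptas` routes. Either keep the field equal to the prime host, `PPTASServerName: PrimeTestHost,`, or, since the standalone PPTAS server plumbing is being removed elsewhere in this commit, drop the field and its users together. `ApplicationTestServername` begins outside this hunk.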
@@ -410,30 +410,6 @@ func PrimeAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Ha
 }
 }
 
-// PPTASAuthorizationMiddleware is the PPTAS authorization middleware
-func PPTASAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler {
- return func(next http.Handler) http.Handler {
- mw := func(w http.ResponseWriter, r *http.Request) {
- logger := logging.FromContext(r.Context())
- clientCert := ClientCertFromContext(r.Context())
- if clientCert == nil {
- logger.Error("unauthorized user for PPTAS")
- http.Error(w, http.StatusText(401), http.StatusUnauthorized)
- return
- }
- if !clientCert.AllowPPTAS {
- logger.Error("forbidden user for PPTAS")
- http.Error(w, http.StatusText(403), http.StatusForbidden)
- return
- }
-
- next.ServeHTTP(w, r)
- }
-
- return http.HandlerFunc(mw)
- }
-}
-
 // PrimeSimulatorAuthorizationMiddleware ensures only users with the
 // prime simulator role can access the simulator
 func PrimeSimulatorAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler {
diff --git a/pkg/handlers/authentication/auth_test.go b/pkg/handlers/authentication/auth_test.go
index 6b1614273c4..91851e866c8 100644
--- a/pkg/handlers/authentication/auth_test.go
+++ b/pkg/handlers/authentication/auth_test.go
@@ -1753,28 +1753,3 @@ func (suite *AuthSuite) TestAuthorizePrime() {
 
 suite.Equal(http.StatusUnauthorized, rr.Code)
 }
-
-func (suite *AuthSuite) TestAuthorizePPTAS() {
- clientCert := factory.FetchOrBuildDevlocalClientCert(suite.DB())
-
- handlerConfig := suite.HandlerConfig()
- appnames := handlerConfig.AppNames()
- req := httptest.NewRequest("GET", fmt.Sprintf("http://%s/pptas/v1", appnames.PrimeServername), nil)
-
- handler := http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {})
- middleware := PPTASAuthorizationMiddleware(suite.Logger())(handler)
- rr := httptest.NewRecorder()
-
- ctx := SetClientCertInRequestContext(req, &clientCert)
- req = req.WithContext(ctx)
- middleware.ServeHTTP(rr, req)
-
- suite.Equal(http.StatusOK, rr.Code)
-
- // no cert in request
- rr = httptest.NewRecorder()
- req = httptest.NewRequest("GET", fmt.Sprintf("http://%s/pptas/v1", appnames.PrimeServername), nil)
- middleware.ServeHTTP(rr, req)
-
- suite.Equal(http.StatusUnauthorized, rr.Code)
-}
diff --git a/pkg/handlers/pptasapi/api.go b/pkg/handlers/pptasapi/api.go
index 421d3bbcc18..72e7ac67343 100644
--- a/pkg/handlers/pptasapi/api.go
+++ b/pkg/handlers/pptasapi/api.go
@@ -2,6 +2,7 @@ package pptasapi
 
 import (
 "log"
+ "net/http"
 
 "github.com/go-openapi/loads"
 
@@ -11,7 +12,8 @@ import (
 movetaskorder "github.com/transcom/mymove/pkg/services/move_task_order"
 )
 
-func NewPPTASAPI(handlerConfig handlers.HandlerConfig) *pptasops.MymoveAPI {
+func NewPPTASApiHandler(handlerConfig handlers.HandlerConfig) http.Handler {
+
 pptasSpec, err := loads.Analyzed(pptasapi.SwaggerJSON, "")
 if err != nil {
 log.Fatalln(err)
@@ -24,5 +26,5 @@ func NewPPTASAPI(handlerConfig handlers.HandlerConfig) *pptasops.MymoveAPI {
 MoveTaskOrderFetcher: movetaskorder.NewMoveTaskOrderFetcher(),
 }
 
- return pptasAPI
+ return pptasAPI.Serve(nil)
 }
diff --git a/pkg/handlers/routing/base_routing_suite.go b/pkg/handlers/routing/base_routing_suite.go
index 092a304a174..32e4ed985fe 100644
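Review bot: `NewPPTASApiHandler` returns `pptasAPI.Serve(nil)`, so callers can no longer attach middleware to the generated API; the `mountPPTASAPI` code removed in this commit wrapped it with `middleware.OpenAPITracing(api)`, and both new mount sites in routing_init.go therefore serve PPTAS without OpenAPI tracing. Keep the API constructor available, or accept a builder so the router can still do the wrapping, e.g. `func NewPPTASAPIHandler(handlerConfig handlers.HandlerConfig, builder func(http.Handler) http.Handler) http.Handler` with `return pptasAPI.Serve(builder)`. The new name also breaks Go's initialism convention (`Api` should be `API`), and the blank line added after the signature is stray. The body between the two hunks, and the `log.Fatalln` on spec-load failure, are pre-existing and outside what this change touches.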
--- a/pkg/handlers/routing/base_routing_suite.go
+++ b/pkg/handlers/routing/base_routing_suite.go
@@ -109,7 +109,6 @@ func (suite *BaseRoutingSuite) RoutingConfig() *Config {
 // include all these as true to increase test coverage
 ServeSwaggerUI: true,
 ServePrime: true,
- ServePPTAS: true,
 ServeSupport: true,
 ServeDebugPProf: true,
 ServeAPIInternal: true,
diff --git a/pkg/handlers/routing/pptasapi_test/pptasapi_test.go b/pkg/handlers/routing/pptasapi_test/pptasapi_test.go
deleted file mode 100644
index fe94efff168..00000000000
--- a/pkg/handlers/routing/pptasapi_test/pptasapi_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package pptasapi_test
-
-import (
- "testing"
-
- "github.com/stretchr/testify/suite"
-
- "github.com/transcom/mymove/pkg/handlers/routing"
-)
-
-// Pptas tests using full routing
-//
-// These tests need to be in a package other than handlers/pptas
-// because otherwise import loops occur
-// (pptas -> routing -> pptas)
-type PPTASAPISuite struct {
- routing.BaseRoutingSuite
-}
-
-func TestPptasSuite(t *testing.T) {
- hs := &PPTASAPISuite{
- routing.NewBaseRoutingSuite(),
- }
- suite.Run(t, hs)
- hs.PopTestSuite.TearDown()
-}
diff --git a/pkg/handlers/routing/pptasapi_test/swagger_test.go b/pkg/handlers/routing/pptasapi_test/swagger_test.go
deleted file mode 100644
index 8cb718db261..00000000000
--- a/pkg/handlers/routing/pptasapi_test/swagger_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package pptasapi_test
-
-import (
- "io"
- "net/http"
- "net/http/httptest"
-
- "github.com/transcom/mymove/pkg/factory"
-)
-
-func (suite *PPTASAPISuite) TestSwaggerYaml() {
- routingConfig := suite.RoutingConfig()
- routingConfig.PPTASSwaggerPath = "foo/bar/baz"
- swaggerContent := "some\nswagger\ncontent\n"
- suite.CreateFileWithContent(routingConfig.PPTASSwaggerPath, swaggerContent)
- siteHandler := suite.SetupCustomSiteHandler(routingConfig)
-
- cert := factory.BuildPrimeClientCert(suite.DB())
- req := suite.NewAuthenticatedPrimeRequest("GET", "/pptas/v1/swagger.yaml", nil, cert)
- rr := httptest.NewRecorder()
- siteHandler.ServeHTTP(rr, req)
- suite.Equal(http.StatusOK, rr.Code)
- actualData, err := io.ReadAll(rr.Body)
- suite.NoError(err)
- suite.Equal(swaggerContent, string(actualData))
-}
diff --git a/pkg/handlers/routing/routing_init.go b/pkg/handlers/routing/routing_init.go
index 7a61fa3ccf3..7329bbeec67 100644
--- a/pkg/handlers/routing/routing_init.go
+++ b/pkg/handlers/routing/routing_init.go
@@ -105,7 +105,7 @@ type Config struct {
 // Should the pptas api be served?
 ServePPTAS bool
 
- // The path to the pptas api swagger definition
+ // The path to the ghc api swagger definition
 PPTASSwaggerPath string
 
 // Should devlocal auth be enabled? Definitely never enabled in
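Review bot: The replacement comment on `PPTASSwaggerPath` is wrong: it says `ghc api` but the field holds the PPTAS spec path, so it should read `// The path to the pptas api swagger definition`. `ServePPTAS` also stays in `Config` while the routing hunks in this commit mount PPTAS under the prime router without consulting it, so the flag is now dead configuration; either gate the new mount on it or remove the field together with its `// Should the pptas api be served?` comment. The `Config` struct opens and closes outside this hunk.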
@@ -357,46 +357,24 @@ func mountPrimeAPI(appCtx appcontext.AppContext, routingConfig *Config, site chi
 tracingMiddleware := middleware.OpenAPITracing(api)
 r.Mount("/", api.Serve(tracingMiddleware))
 })
- })
- }
-}
-
-// PPTAS API to serve under the mTLS "Api" / "Prime" API server to support Navy requests
-func mountPPTASAPI(appCtx appcontext.AppContext, routingConfig *Config, site chi.Router) {
- if routingConfig.ServePPTAS {
- clientCertMiddleware := authentication.ClientCertMiddleware(appCtx)
- site.Route("/pptas/v1", func(r chi.Router) {
- if routingConfig.ServeDevlocalAuth {
- devlocalClientCertMiddleware := authentication.DevlocalClientCertMiddleware(appCtx)
- r.Use(devlocalClientCertMiddleware)
- } else {
- r.Use(clientCertMiddleware)
- }
- r.Use(authentication.PPTASAuthorizationMiddleware(appCtx.Logger()))
- r.Use(middleware.NoCache())
- r.Use(middleware.RequestLogger())
- r.Method(
- "GET",
- "/swagger.yaml",
- handlers.NewFileHandler(routingConfig.FileSystem,
- routingConfig.PPTASSwaggerPath))
- if routingConfig.ServeSwaggerUI {
- r.Method("GET", "/docs",
+ // Setup PPTAS API
+ primeRouter.Route("/pptas", func(r chi.Router) {
+ r.Method("GET", "/swagger.yaml",
 handlers.NewFileHandler(routingConfig.FileSystem,
- path.Join(routingConfig.BuildRoot, "swagger-ui", "pptas.html")))
- } else {
- r.Method("GET", "/docs", http.NotFoundHandler())
- }
- api := pptasapi.NewPPTASAPI(routingConfig.HandlerConfig)
- tracingMiddleware := middleware.OpenAPITracing(api)
- r.Mount("/", api.Serve(tracingMiddleware))
+ routingConfig.PPTASSwaggerPath))
+ if routingConfig.ServeSwaggerUI {
+ r.Method("GET", "/docs",
+ handlers.NewFileHandler(routingConfig.FileSystem,
+ path.Join(routingConfig.BuildRoot, "swagger-ui", "pptas.html")))
+ } else {
+ r.Method("GET", "/docs", http.NotFoundHandler())
+ }
+ r.Mount("/", pptasapi.NewPPTASApiHandler(routingConfig.HandlerConfig))
+ })
 })
 }
 }
 
-// Remember that the support api is to assist inside of dev/stg for endpoints such as
-// manually invoking the EDI858 generator for a given payment request. It should never
-// be utilized in production
 func mountSupportAPI(appCtx appcontext.AppContext, routingConfig *Config, site chi.Router) {
 if routingConfig.ServeSupport {
 clientCertMiddleware := authentication.ClientCertMiddleware(appCtx)
@@ -629,6 +607,28 @@ func mountPrimeSimulatorAPI(appCtx appcontext.AppContext, routingConfig *Config,
 })
 })
 }
+ site.Route("/prime/pptas", func(r chi.Router) {
+ r.Method("GET", "/swagger.yaml",
+ handlers.NewFileHandler(routingConfig.FileSystem,
+ routingConfig.PPTASSwaggerPath))
+ if routingConfig.ServeSwaggerUI {
+ appCtx.Logger().Info("PPTAS API Swagger UI serving is enabled")
+ r.Method("GET", "/docs",
+ handlers.NewFileHandler(routingConfig.FileSystem,
+ path.Join(routingConfig.BuildRoot, "swagger-ui", "pptas.html")))
+ } else {
+ r.Method("GET", "/docs", http.NotFoundHandler())
+ }
+
+ // Mux for PPTAS API that enforces auth
+ r.Route("/", func(rAuth chi.Router) {
+ rAuth.Use(userAuthMiddleware)
+ rAuth.Use(addAuditUserToRequestContextMiddleware)
+ rAuth.Use(authentication.PrimeSimulatorAuthorizationMiddleware(appCtx.Logger()))
+ rAuth.Use(middleware.NoCache())
+ rAuth.Mount("/", pptasapi.NewPPTASApiHandler(routingConfig.HandlerConfig))
+ })
+ })
 }
 }
 
@@ -792,8 +792,6 @@ func newAdminRouter(appCtx appcontext.AppContext, redisPool *redis.Pool,
 return site
 }
 
-// This "Prime" router is really just the "API" router for MilMove.
-// It was initially just named under "Prime" as it was the only use of the router
 func newPrimeRouter(appCtx appcontext.AppContext, redisPool *redis.Pool,
 routingConfig *Config, telemetryConfig *telemetry.Config, serverName string) chi.Router {
@@ -803,7 +801,7 @@ func newPrimeRouter(appCtx appcontext.AppContext, redisPool *redis.Pool,
 mountPrimeAPI(appCtx, routingConfig, site)
 mountSupportAPI(appCtx, routingConfig, site)
 mountTestharnessAPI(appCtx, routingConfig, site)
- mountPPTASAPI(appCtx, routingConfig, site)
+
 return site
 }
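Review bot: The `/pptas` route added under `primeRouter` carries no PPTAS-specific authorization: the removed `mountPPTASAPI` rejected certificates without `AllowPPTAS` via `PPTASAuthorizationMiddleware`, whereas the new route only inherits whatever `primeRouter` installs above this hunk (not visible here; presumably the client-cert and Prime checks), so every certificate cleared for Prime can now reach PPTAS move data. If that is the intended access model, record it at the mount, e.g. `// PPTAS is served inside the Prime router: access is governed by the Prime client-cert middleware; there is no separate PPTAS permission.` The mount also ignores `routingConfig.ServePPTAS`, which remains in `Config`, so either wrap it in `if routingConfig.ServePPTAS {` or retire the flag. The old route's `middleware.NoCache()`, `middleware.RequestLogger()` and `middleware.OpenAPITracing` wrapping is gone and `NewPPTASApiHandler` serves with a nil builder, so PPTAS requests lose tracing unless `primeRouter` already applies it; `mountPrimeAPI` begins outside this hunk.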
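Review bot: In the new `/prime/pptas` simulator route the `/swagger.yaml` and `/docs` handlers are registered on `r` before the `rAuth` sub-router, so the spec file and Swagger UI are reachable without `userAuthMiddleware` or the prime-simulator role check that guards the API itself; if that deliberately mirrors the `/prime/v1` simulator route above (outside the hunk), a one-line comment saying so stops it reading as an oversight, otherwise register them inside `rAuth`. The swagger/docs block is also a near-copy of the one added to `mountPrimeAPI` in this commit (only the `Info` log differs), so the two will drift; a small shared helper keeps them in step, as sketched below. `userAuthMiddleware` and `addAuditUserToRequestContextMiddleware` are defined above the hunk, and the conditional enclosing this block is not visible here.
```go
// mountPPTASDocs registers the PPTAS swagger spec and docs routes on r.
// The API itself is mounted by the caller so each mount point keeps its own auth stack.
func mountPPTASDocs(r chi.Router, routingConfig *Config) {
	r.Method("GET", "/swagger.yaml",
		handlers.NewFileHandler(routingConfig.FileSystem,
			routingConfig.PPTASSwaggerPath))
	if !routingConfig.ServeSwaggerUI {
		r.Method("GET", "/docs", http.NotFoundHandler())
		return
	}
	r.Method("GET", "/docs",
		handlers.NewFileHandler(routingConfig.FileSystem,
			path.Join(routingConfig.BuildRoot, "swagger-ui", "pptas.html")))
}

// in mountPrimeSimulatorAPI:
site.Route("/prime/pptas", func(r chi.Router) {
	if routingConfig.ServeSwaggerUI {
		appCtx.Logger().Info("PPTAS API Swagger UI serving is enabled")
	}
	mountPPTASDocs(r, routingConfig)
	// … unchanged: authenticated rAuth sub-router mounting NewPPTASApiHandler …
})
```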
@@ -814,7 +812,7 @@ func InitRouting(serverName string, appCtx appcontext.AppContext, redisPool *red
 
 // check for missing CSRF middleware ASAP
 if routingConfig.CSRFMiddleware == nil {
- return nil, errors.New("missing CSRF Middleware")
+ return nil, errors.New("Missing CSRF Middleware")
 }
 
 // With chi, we have to register all middleware before setting up
@@ -830,6 +828,7 @@ func InitRouting(serverName string, appCtx appcontext.AppContext, redisPool *red
 hostRouter.Map(milServerName, milRouter)
 officeServerName := routingConfig.HandlerConfig.AppNames().OfficeServername
+
 officeRouter := newOfficeRouter(appCtx, redisPool, routingConfig, telemetryConfig, serverName)
 hostRouter.Map(officeServerName, officeRouter)
diff --git a/pkg/models/client_cert.go b/pkg/models/client_cert.go
index c0e3a23a3da..233a9135110 100644
--- a/pkg/models/client_cert.go
+++ b/pkg/models/client_cert.go
@@ -29,7 +29,6 @@ type ClientCert struct {
 AllowNavyOrdersRead bool `db:"allow_navy_orders_read"`
 AllowNavyOrdersWrite bool `db:"allow_navy_orders_write"`
 AllowPrime bool `db:"allow_prime"`
- AllowPPTAS bool `db:"allow_pptas"`
 UserID uuid.UUID `db:"user_id"`
 }
 
diff --git a/pkg/services/clientcert/client_cert_updater.go b/pkg/services/clientcert/client_cert_updater.go
index 00211470000..af30070ce88 100644
--- a/pkg/services/clientcert/client_cert_updater.go
+++ b/pkg/services/clientcert/client_cert_updater.go
@@ -70,9 +70,6 @@ func (o *clientCertUpdater) UpdateClientCert(appCtx appcontext.AppContext, id uu
 if payload.AllowPrime != nil {
 foundClientCert.AllowPrime = *payload.AllowPrime
 }
- if payload.AllowPPTAS != nil {
- foundClientCert.AllowPPTAS = *payload.AllowPPTAS
- }
 
 verrs, err := o.builder.UpdateOne(appCtx, &foundClientCert, nil)
 if verrs != nil || err != nil {
diff --git a/public/swagger-ui/pptas.html b/public/swagger-ui/pptas.html
index 1978f0a9fe7..79e7991afc4 100644
--- a/public/swagger-ui/pptas.html
+++ b/public/swagger-ui/pptas.html
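Review bot: The new error string `"Missing CSRF Middleware"` is capitalised, which Go convention (and staticcheck ST1005) rejects because error strings are routinely embedded in longer messages; prefer `return nil, errors.New("missing CSRF middleware")`. The rest of `InitRouting` is outside this hunk.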
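Review bot: `ClientCert` drops the `db:"allow_pptas"` mapping, but no database migration appears in this commit; the ORM will now omit that column on insert and update, so if `client_certs.allow_pptas` remains `NOT NULL` without a default, creating a certificate through the admin API will fail at the database rather than in Go. Confirm a migration that drops the column (or gives it a default) lands with or before this change, or keep the field until one does. The struct's opening line is outside this hunk.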
@@ -94,7 +94,7 @@ }; // Build a system const ui = SwaggerUIBundle({ - url: "/pptas/v1/swagger.yaml", + url: "/prime/pptas/swagger.yaml", requestInterceptor: requestInterceptor, dom_id: '#swagger-ui', deepLinking: true, @@ -111,4 +111,4 @@ - + \ No newline at end of file diff --git a/src/pages/Admin/ClientCerts/ClientCertCreate.jsx b/src/pages/Admin/ClientCerts/ClientCertCreate.jsx index 3416445806b..a69d6c07435 100644 --- a/src/pages/Admin/ClientCerts/ClientCertCreate.jsx +++ b/src/pages/Admin/ClientCerts/ClientCertCreate.jsx @@ -34,13 +34,6 @@ const ClientCertCreate = (props) => ( { id: false, name: 'No' }, ]} /> - ( /> ( { id: false, name: 'No' }, ]} /> - diff --git a/src/pages/Admin/ClientCerts/ClientCertList.jsx b/src/pages/Admin/ClientCerts/ClientCertList.jsx index a63553c665c..2343ac72677 100644 --- a/src/pages/Admin/ClientCerts/ClientCertList.jsx +++ b/src/pages/Admin/ClientCerts/ClientCertList.jsx @@ -48,7 +48,6 @@ const ClientCertList = (props) => { - diff --git a/src/pages/Admin/ClientCerts/ClientCertShow.jsx b/src/pages/Admin/ClientCerts/ClientCertShow.jsx index bf09e79650e..a5f567f3cfe 100644 --- a/src/pages/Admin/ClientCerts/ClientCertShow.jsx +++ b/src/pages/Admin/ClientCerts/ClientCertShow.jsx @@ -38,7 +38,6 @@ const ClientCertShow = (props) => { - diff --git a/src/setupProxy.js b/src/setupProxy.js index 3a6b0f36484..645b0554416 100644 --- a/src/setupProxy.js +++ b/src/setupProxy.js 
@@ -6,7 +6,6 @@ module.exports = (app) => { app.use(createProxyMiddleware('/admin', { target: 'http://milmovelocal:8080/' })); app.use(createProxyMiddleware('/ghc', { target: 'http://milmovelocal:8080/' })); app.use(createProxyMiddleware('/prime', { target: 'http://milmovelocal:8080/' })); - app.use(createProxyMiddleware('/pptas', { target: 'http://milmovelocal:8080/' })); app.use(createProxyMiddleware('/support', { target: 'http://milmovelocal:8080/' })); app.use(createProxyMiddleware('/testharness', { target: 'http://milmovelocal:8080/' })); app.use(createProxyMiddleware('/storage', { target: 'http://milmovelocal:8080/' })); diff --git a/swagger-def/admin.yaml b/swagger-def/admin.yaml index 4a385597a9b..fdd563715b0 100644 --- a/swagger-def/admin.yaml +++ b/swagger-def/admin.yaml @@ -358,8 +358,6 @@ definitions: type: boolean allowPrime: type: boolean - allowPPTAS: - type: boolean ClientCertificates: type: array items: @@ -404,8 +402,6 @@ definitions: type: boolean allowPrime: type: boolean - allowPPTAS: - type: boolean ClientCertificateUpdate: type: object properties: @@ -454,9 +450,6 @@ definitions: allowPrime: type: boolean x-nullable: true - allowPPTAS: - type: boolean - x-nullable: true ClientError: type: object properties: diff --git a/swagger-def/info/pptas_description.md b/swagger-def/info/pptas_description.md index da5392b8b46..8c3592f39dd 100644 --- a/swagger-def/info/pptas_description.md +++ b/swagger-def/info/pptas_description.md @@ -1,4 +1,4 @@ The PPTAS API is a RESTful API that enables the Navy's PPTAS system to request information relating to current moves in progress. -All endpoints are located at `/pptas/v1`. +All endpoints are located at `/prime/pptas/`. diff --git a/swagger-def/pptas.yaml b/swagger-def/pptas.yaml index 9323a4f8287..cf43eb77488 100644 --- a/swagger-def/pptas.yaml +++ b/swagger-def/pptas.yaml 
@@ -9,7 +9,7 @@ info: email: milmove-developers@caci.com description: $ref: 'info/pptas_description.md' -basePath: /pptas/v1 +basePath: /prime/pptas host: primelocal consumes: - application/json diff --git a/swagger/admin.yaml b/swagger/admin.yaml index 498f25bb1fb..19494c81d8a 100644 --- a/swagger/admin.yaml +++ b/swagger/admin.yaml @@ -362,8 +362,6 @@ definitions: type: boolean allowPrime: type: boolean - allowPPTAS: - type: boolean ClientCertificates: type: array items: @@ -408,8 +406,6 @@ definitions: type: boolean allowPrime: type: boolean - allowPPTAS: - type: boolean ClientCertificateUpdate: type: object properties: @@ -458,9 +454,6 @@ definitions: allowPrime: type: boolean x-nullable: true - allowPPTAS: - type: boolean - x-nullable: true ClientError: type: object properties: diff --git a/swagger/pptas.yaml b/swagger/pptas.yaml index f59b61ccd34..63935669387 100644 --- a/swagger/pptas.yaml +++ b/swagger/pptas.yaml @@ -14,8 +14,8 @@ info: information relating to current moves in progress. - All endpoints are located at `/pptas/v1`. -basePath: /pptas/v1 + All endpoints are located at `/prime/pptas/`. +basePath: /prime/pptas host: primelocal consumes: - application/json