Merge pull request #11002 from 18F/stages/rc-2024-07-30

Deploy RC 401 to Production

.gitlab-ci.yml

@@ -446,16 +446,16 @@ trigger_devops:
           "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
           "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
         },
-        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
+        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
+        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
         "loginDatacenter": "true",
         "loginDomain": "identitysandbox.gov",
         "loginEnv": "$CI_ENVIRONMENT_SLUG",
         "loginHostRole": "idp",
         "loginSkipRemoteConfig": "true",
-        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov/",
-        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov/",
-        "dashboardUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov"
+        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
+        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
+        "dashboardUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
       }
       EOF
       )
@@ -478,30 +478,30 @@ trigger_devops:
           "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
           "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
         },
-        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
+        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
+        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
         "loginDatacenter": "true",
         "loginDomain": "identitysandbox.gov",
         "loginEnv": "$CI_ENVIRONMENT_SLUG",
         "loginHostRole": "worker",
         "loginSkipRemoteConfig": "true",
-        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov/",
-        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov/"
+        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
+        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/"
       }
       EOF
       )
     - |-
       export PIVCAC_CONFIG=$(cat <<EOF
       {
         "kubernetesReviewApp": "true",
-        "clientCertS3Bucket": "login-gov-pivcac-public-cert-reviewapp.894947205914-us-west-2",
+        "clientCertS3Bucket": "login-gov-pivcac-public-cert-reviewapps.894947205914-us-west-2",
         "postgres": {
           "sslmode": "prefer",
           "name": "idp",
           "host": "$CI_ENVIRONMENT_SLUG-login-chart-pivcac-pg.review-apps"
         },
-        "idpHost": "$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov"
+        "idpHost": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
+        "domainName": "$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov"
       }
       EOF
       )
@@ -517,19 +517,19 @@ trigger_devops:
         "newrelic": {
           "enabled": "false"
         },
-        "samlSpIssuer": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov",
-        "idpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
-        "idpSpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov",
-        "postLogoutUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov"
+        "samlSpIssuer": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
+        "idpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
+        "idpSpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
+        "postLogoutUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
+        "domainName": "$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
       }
       EOF
       )
     - git clone -b main --single-branch https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.login.gov/lg-public/identity-idp-helm-chart.git
     - >-
       helm upgrade --install --namespace review-apps
       --debug
-      --set env="reviewapp-$CI_ENVIRONMENT_SLUG"
+      --set env="reviewapps-$CI_ENVIRONMENT_SLUG"
       --set idp.image.repository="${ECR_REGISTRY}/identity-idp/review"
       --set idp.image.tag="${CI_COMMIT_SHA}"
       --set worker.image.repository="${ECR_REGISTRY}/identity-idp/review"
@@ -545,31 +545,31 @@ trigger_devops:
       --set-json idp.config="$IDP_CONFIG"
       --set-json worker.config="$WORKER_CONFIG"
       --set-json pivcac.config="$PIVCAC_CONFIG"
-      --set-json idp.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
-      --set-json pivcac.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
-      --set-json dashboard.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
+      --set-json idp.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
+      --set-json pivcac.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
+      --set-json dashboard.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
       $CI_ENVIRONMENT_SLUG ./identity-idp-helm-chart
     - echo "DNS may take a while to propagate, so be patient if it doesn't show up right away"
     - echo "To access the rails console, first run 'aws-vault exec sandbox-power -- aws eks update-kubeconfig --name reviewapp'"
     - echo "Then run aws-vault exec sandbox-power -- kubectl exec -it service/$CI_ENVIRONMENT_SLUG-login-chart-idp -n review-apps -- /app/bin/rails console"
     - echo "Address of IDP review app:"
-    - echo https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+    - echo https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
     - echo "Address of PIVCAC review app:"
-    - echo https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapp.identitysandbox.gov
+    - echo https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov
     - echo "Address of Dashboard review app:"
-    - echo https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapp.identitysandbox.gov
+    - echo https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov
 
 
 review-app:
   stage: review
   allow_failure: true
   needs:
     - job: build-review-image
-  resource_group: $CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+  resource_group: $CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
   extends: .deploy
   environment:
     name: review/$CI_COMMIT_REF_NAME
-    url: https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+    url: https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
     on_stop: stop-review-app
     auto_stop_in: 2 days
   rules:
@@ -578,7 +578,7 @@ review-app:
       when: never
 
 stop-review-app:
-  resource_group: $CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+  resource_group: $CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
   script:
     - export CONTEXT=$(kubectl config get-contexts | grep reviewapp | awk '{print $1}' | head -1)
     - kubectl config use-context "$CONTEXT"
@@ -602,12 +602,12 @@ deploy_production:
   allow_failure: true
   needs:
     - job: build-review-image
-  resource_group: $CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+  resource_group: $CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
   extends: .deploy
   environment:
     name: production
     deployment_tier: production
-    url: https://$CI_ENVIRONMENT_SLUG.reviewapp.identitysandbox.gov
+    url: https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov
   rules:
     - if: $CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"
 

.rubocop.yml

@@ -690,6 +690,15 @@ Naming/MemoizedInstanceVariableName:
 Naming/MethodParameterName:
   MinNameLength: 2
 
+Naming/PredicateName:
+  Enabled: true
+  AllowedMethods:
+    - is_a?
+  ForbiddenPrefixes:
+    # overriding to allow "has_"
+    - is_
+    - have_
+
 Naming/VariableName:
   Exclude:
     - spec/services/pii/nist_encryption_spec.rb

Makefile

@@ -228,7 +228,7 @@ run-https: tmp/$(HOST)-$(PORT).key tmp/$(HOST)-$(PORT).crt ## Runs the developme
 normalize_yaml: ## Normalizes YAML files (alphabetizes keys, fixes line length, smart quotes)
 	yarn normalize-yaml .rubocop.yml --disable-sort-keys --disable-smart-punctuation
 	find ./config/locales/transliterate -type f -name '*.yml' -exec yarn normalize-yaml --disable-sort-keys --disable-smart-punctuation {} \;
-	yarn normalize-yaml --disable-sort-keys --disable-smart-punctuation config/application.yml.default
+	yarn normalize-yaml --disable-smart-punctuation --ignore-key-sort development,production,test config/application.yml.default
 	find ./config/locales/telephony -type f -name '*.yml' | xargs yarn normalize-yaml --disable-smart-punctuation
 	find ./config/locales -not \( -path "./config/locales/telephony*" -o -path "./config/locales/transliterate/*" \) -type f -name '*.yml' | \
 	xargs yarn normalize-yaml \

app/components/alert_component.rb

@@ -1,15 +1,11 @@
 # frozen_string_literal: true
 
 class AlertComponent < BaseComponent
-  VALID_TYPES = [nil, :info, :success, :warning, :error, :emergency].freeze
-
   attr_reader :type, :message, :tag_options, :text_tag
 
-  def initialize(type: nil, text_tag: 'p', message: nil, **tag_options)
-    if !VALID_TYPES.include?(type)
-      raise ArgumentError, "`type` #{type} is invalid, expected one of #{VALID_TYPES}"
-    end
+  validates_inclusion_of :type, in: [nil, :info, :success, :warning, :error, :emergency]
 
+  def initialize(type: nil, text_tag: 'p', message: nil, **tag_options)
     @type = type
     @message = message
     @tag_options = tag_options

app/components/alert_icon_component.rb

@@ -14,11 +14,9 @@ class AlertIconComponent < BaseComponent
 
   attr_reader :tag_options, :icon_name
 
+  validates_inclusion_of :icon_name, in: ICON_SOURCE.keys
+
   def initialize(icon_name: :warning, **tag_options)
-    if !ICON_SOURCE.key?(icon_name)
-      raise ArgumentError,
-            "`icon_name` #{icon_name} is invalid, expected one of #{ICON_SOURCE.keys}"
-    end
     @icon_name = icon_name
     @tag_options = tag_options
   end

app/components/badge_component.rb

@@ -1,17 +1,16 @@
 # frozen_string_literal: true
 
 class BadgeComponent < BaseComponent
-  ICONS = %i[
+  attr_reader :icon, :tag_options
+
+  validates_inclusion_of :icon, in: %i[
     lock
     check_circle
     warning
     info
-  ].to_set.freeze
-
-  attr_reader :icon, :tag_options
+  ]
 
   def initialize(icon:, **tag_options)
-    raise ArgumentError, "invalid icon #{icon}, expected one of #{ICONS}" if !ICONS.include?(icon)
     @icon = icon
     @tag_options = tag_options
   end

app/components/base_component.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
 class BaseComponent < ViewComponent::Base
+  include ActiveModel::Model
+
   def before_render
+    raise_validation_errors
     render_assets unless rendered_assets?
   end
 
@@ -47,4 +50,9 @@ def render_assets
 
     @rendered_assets = true
   end
+
+  def raise_validation_errors
+    return unless IdentityConfig.store.raise_on_component_validation_error
+    validate!
+  end
 end

app/components/icon_component.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
 class IconComponent < BaseComponent
+  attr_reader :icon, :size, :tag_options
+
   # See: https://github.com/uswds/uswds/tree/develop/src/img/usa-icons
-  ICONS = %i[
+  validates_inclusion_of :icon, in: %i[
     accessibility_new
     accessible_forward
     account_balance
@@ -246,11 +248,7 @@ class IconComponent < BaseComponent
     zoom_out_map
   ].to_set.freeze
 
-  attr_reader :icon, :size, :tag_options
-
   def initialize(icon:, size: nil, **tag_options)
-    raise ArgumentError, "`icon` #{icon} is not a valid icon" if !ICONS.include?(icon)
-
     @icon = icon
     @size = size
     @tag_options = tag_options

app/components/login_button_component.rb

@@ -1,14 +1,11 @@
 # frozen_string_literal: true
 
 class LoginButtonComponent < BaseComponent
-  VALID_COLORS = ['primary', 'primary-darker', 'primary-lighter'].freeze
-
   attr_reader :color, :big, :width, :height, :tag_options
 
+  validates_inclusion_of :color, in: ['primary', 'primary-darker', 'primary-lighter']
+
   def initialize(color: 'primary', big: false, **tag_options)
-    if !VALID_COLORS.include?(color)
-      raise ArgumentError, "`color` #{color}} is invalid, expected one of #{VALID_COLORS}"
-    end
     @big = big
     @width = big ? '11.1rem' : '7.4rem'
     @height = big ? '1.5rem' : '1rem'

app/components/manageable_authenticator_component.rb

@@ -8,6 +8,8 @@ class ManageableAuthenticatorComponent < BaseComponent
               :custom_strings,
               :tag_options
 
+  validate :validate_configuration_methods
+
   def initialize(
     configuration:,
     user_session:,
@@ -16,10 +18,6 @@ def initialize(
     custom_strings: {},
     **tag_options
   )
-    if ![:name, :id, :created_at].all? { |method| configuration.respond_to?(method) }
-      raise ArgumentError, '`configuration` must respond to `name`, `id`, `created_at`'
-    end
-
     @configuration = configuration
     @user_session = user_session
     @manage_api_url = manage_api_url
@@ -44,6 +42,17 @@ def strings
 
   private
 
+  def validate_configuration_methods
+    [:name, :id, :created_at].each do |method|
+      next if configuration.respond_to?(method)
+      errors.add(
+        :configuration,
+        :missing_method,
+        message: "`configuration` must respond to `#{method}`",
+      )
+    end
+  end
+
   def auth_methods_session
     @auth_methods_session ||= AuthMethodsSession.new(user_session:)
   end

app/components/status_page_component.rb

@@ -7,8 +7,6 @@ class StatusPageComponent < BaseComponent
     error: [nil, :lock],
   }.freeze
 
-  VALID_STATUS = %i[info error warning].freeze
-
   renders_one :header, ::PageHeadingComponent
   renders_many :action_buttons, ->(**button_options) do
     ButtonComponent.new(**button_options, big: true, wide: true)
@@ -17,15 +15,10 @@ class StatusPageComponent < BaseComponent
 
   attr_reader :status, :icon
 
-  def initialize(status: :error, icon: nil)
-    if !VALID_STATUS.include?(status)
-      raise ArgumentError, "`status` #{status} is invalid, expected one of #{VALID_STATUS}"
-    end
-
-    if !ICONS[status].include?(icon)
-      raise ArgumentError, "`icon` #{icon} is invalid, expected one of #{ICONS[status]}"
-    end
+  validates_inclusion_of :status, in: %i[info error warning]
+  validate :validate_status_icon
 
+  def initialize(status: :error, icon: nil)
     @icon = icon
     @status = status
   end
@@ -37,4 +30,15 @@ def icon_name
       status.to_sym
     end
   end
+
+  private
+
+  def validate_status_icon
+    return if ICONS[status]&.include?(icon)
+    errors.add(
+      :icon,
+      :invalid,
+      message: "`icon` #{icon} is invalid, expected one of #{ICONS[status]}",
+    )
+  end
 end

app/components/tab_navigation_component.html.erb

@@ -5,8 +5,8 @@
         <%= render ButtonComponent.new(
               url: route[:path],
               big: true,
-              outline: !is_current_path?(route[:path]),
-              aria: { current: is_current_path?(route[:path]) ? 'page' : nil },
+              outline: !current_path?(route[:path]),
+              aria: { current: current_path?(route[:path]) ? 'page' : nil },
             ).with_content(route[:text]) %>
       </li>
     <% end %>

app/components/tab_navigation_component.rb

@@ -9,7 +9,7 @@ def initialize(label:, routes:, **tag_options)
     @tag_options = tag_options
   end
 
-  def is_current_path?(path)
+  def current_path?(path)
     recognized_path = Rails.application.routes.recognize_path(path, method: request.method)
     request.params[:controller] == recognized_path[:controller] &&
       request.params[:action] == recognized_path[:action]