Merge pull request #3768 from 18F/staging

Release - 2021-02-17

.circleci/config.yml

@@ -101,7 +101,7 @@ commands:
 jobs:
   build:
     docker:
-      - image: circleci/node:16.4
+      - image: circleci/node:16.13
         environment:
           YARN_VERSION: 0.24.6-1
           CC_TEST_REPORTER_ID: 101a439651b6abd27e5440028a53b5b8f08fe0889f3948d5f58f6cf9f7c786a0
@@ -166,7 +166,7 @@ jobs:
 
   deploy:
     docker:
-      - image: circleci/node:16.4
+      - image: circleci/node:16.13
     parameters:
       app:
         type: string
@@ -190,7 +190,7 @@ jobs:
 
   deploy-admin-client:
     docker:
-      - image: circleci/node:16.4
+      - image: circleci/node:16.13
     parameters:
       app:
         type: string
@@ -234,7 +234,7 @@ jobs:
 
   deploy-queues-ui:
     docker:
-      - image: circleci/node:16.4
+      - image: circleci/node:16.13
     parameters:
       app:
         type: string

.cloudgov/manifest.yml

@@ -60,7 +60,7 @@ applications:
       - route: admin.((domain))
   - name: ((product))-queues-ui((env_postfix))
     buildpack: nodejs_buildpack
-    command: yarn start-bull-board
+    command: yarn start-bull-board:cg
     disk_quota: 2G
     instances: 1
     memory: ((memory))
@@ -69,11 +69,16 @@ applications:
     services:
       - app-((env))-uaa-client
       - federalist-((env))-redis
+      - federalist-((env))-github-queues-ui
+      - ((product))-((env))-env
     env:
+      ADMIN_GITHUB_ORGANIZATION: 18F
+      ADMIN_GITHUB_TEAM: federalist-admins
       NODE_ENV: production
       APP_ENV: ((env))
       APP_HOSTNAME: https://queues.((domain))
       LOG_LEVEL: ((log_level))
       NPM_CONFIG_PRODUCTION: true
       NODE_MODULES_CACHE: false
-      UAA_HOST: ((uaa_host))
+      UAA_HOST: ((uaa_host))
+      PRODUCT: ((product))

.codeclimate.yml

@@ -9,4 +9,4 @@ exclude_patterns:
   - "test/"
   - "scripts/"
   - "coverage/"
-  - "migrate.js"
+  - "migrate.js"

Dockerfile-app

@@ -1,4 +1,4 @@
-FROM node:16.4
+FROM node:16.13.1
 
 WORKDIR /app
 

README.md

@@ -40,35 +40,36 @@ _Note: some terminal commands may take a while to process, without offering feed
 
 1. Clone the `18F/federalist` repository from Github and `cd` to that directory.
 
-#### Editing the local configuration file
+#### Editing the local configuration files
 
 1. Make a copy of `config/local.sample.js` and name it `local.js` and place it in the `config` folder. You can do this by running `cp config/local{.sample,}.js`
 This will be the file that holds your S3 and SQS configurations.
-1. [Register a new OAuth application on GitHub](https://github.com/settings/applications/new). Give your app a name and "Homepage URL" (`http://localhost:1337`), and use `http://localhost:1337/auth/github2/callback` as the "Authorization callback url".
 
-1. Once you have created the application, you'll see a `Client ID` and `Client Secret`. Open the `config/local.js` file in your text or code editor and update it with these values:
+2. Assuming you have been added to the `FederalistLocal` Github organization, navigate to the [developer settings for the `FederalistLocal` OAuth application](https://github.com/organizations/FederalistLocal/settings/applications/968257) and create a new Client secret.
+
+3. Once you have the new Client secret, you'll see a `Client ID` and `Client Secret`. Open the `config/local.js` file in your text or code editor and update it with the Client ID and Client secret from the `FederalistLocal` OAuth application:
     ```js
     const githubOptions = {
       clientID: 'VALUE FROM GITHUB',
       clientSecret: 'VALUE FROM GITHUB',
     };
     ```
-1. [Register or create a new GitHub organization](https://github.com/settings/organizations) with a name of your choosing. Then find your organization's ID by visiting `https://api.github.com/orgs/<your-org-name>` and copying the `id` into the allowed `organizations` in `config/local.js`.
-    ```js
-    organizations: [
-      99999999 // your org added here
-    ]
-    ```
-    The organization will need to grant access to Federalist, which can be done:
-      * during a first-time login with your GitHub credentials, or
-      * in the [Authorized OAuth Apps](https://github.com/settings/applications) tab in your GitHub Account settings
 
+4. Make a copy of `api/bull-board/.env.sample`, name it `.env`, and place it in `api/bull-board/`.
+
+2. Assuming you have been added to the `FederalistLocal` Github organization, navigate to the [developer settings for the `FederalistLocal-Queues` OAuth application](https://github.com/organizations/FederalistLocal/settings/applications/1832231) and create a new Client secret.
+
+3. Once you have the new Client secret, you'll see a `Client ID` and `Client Secret`. Open the `api/bull-board/.env` file in your text or code editor and update it with the Client ID and Client secret from the `FederalistLocal-Queues` OAuth application:
+    ```
+    GITHUB_CLIENT_ID=VALUE FROM GITHUB
+    GITHUB_CLIENT_SECRET=VALUE FROM GITHUB
+    ```
 **For 18F/TTS developers:** This section is primarily for 18F/TTS developers working on the Federalist project. Before you get started, make sure you have been fully on-boarded, including getting access to the Federalist cloud.gov `staging` space.
 
 1. Paste `cf login --sso -a https://api.fr.cloud.gov -o gsa-18f-federalist -s staging` into your terminal window.
-1. Visit https://login.fr.cloud.gov/passcode to get a Temporary Authentication Code.
-1. Paste this code into the terminal, and hit the return key. (For security purposes, the code won't be rendered in the terminal.)
-1. Type `npm run update-local-config` to read necessary service keys from the staging environment and load them into a local file called `config/local-from-staging.js`.
+2. Visit https://login.fr.cloud.gov/passcode to get a Temporary Authentication Code.
+3. Paste this code into the terminal, and hit the return key. (For security purposes, the code won't be rendered in the terminal.)
+4. Type `npm run update-local-config` to read necessary service keys from the staging environment and load them into a local file called `config/local-from-staging.js`.
 
 Note that `npm run update-local-config` will need to be re-run with some frequency, as service keys are changed every time Federalist's staging instance is deployed.
 

admin-client/Dockerfile-admin

@@ -1,4 +1,4 @@
-FROM node:16.4
+FROM node:16.13.1
 
 WORKDIR /app
 

admin-client/package.json

@@ -10,8 +10,8 @@
     "start": "sirv public -p 3000 --host --single --dev"
   },
   "engines": {
-    "node": "16.x.x",
-    "npm": "7.x.x"
+    "node": "^16.13.1",
+    "npm": "^8.1.2"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^12.0.0",

admin-client/src/lib/api.js

@@ -168,6 +168,14 @@ async function updateOrganization(id, params) {
   return put(`/organizations/${id}`, params);
 }
 
+async function deactivateOrganization(id) {
+  return post(`/organizations/${id}/deactivate`);
+}
+
+async function activateOrganization(id) {
+  return post(`/organizations/${id}/activate`);
+}
+
 async function fetchRoles() {
   return get('/roles').catch(() => []);
 }
@@ -241,6 +249,8 @@ export {
   fetchOrganization,
   fetchOrganizations,
   updateOrganization,
+  deactivateOrganization,
+  activateOrganization,
   removeUserOrgRole,
   updateUserOrgRole,
   fetchRoles,

admin-client/src/pages/domain/Show.svelte

@@ -27,14 +27,18 @@
     dnsResultsPromise = fetchDomainDnsResult(id);
   }
 
-  function provision() {
+  async function provision() {
     domainPromise = provisionDomain(id);
+    await domainPromise;
+    refreshDnsResults();
   }
 
-  function deprovision() {
+  async function deprovision() {
     // eslint-disable-next-line no-alert
     if (window.confirm('Are you sure you want to deprovision this domain?')) {
       domainPromise = deprovisionDomain(id);
+      await domainPromise;
+      refreshDnsResults();
     }
   }
 
@@ -74,11 +78,11 @@
           <LabeledItem label="origin" value={domain.origin} />
           <LabeledItem label="path" value={domain.path} />
           <LabeledItem label="service" value={domain.serviceName} />
-        {/if}        
+        {/if}
       </div>
       <div class="tablet:grid-col-auto padding-bottom-1">
         <LabeledItem label="created at" value={formatDateTime(domain.createdAt)} />
-        <LabeledItem label="updated at" value={formatDateTime(domain.updatedAt)} />        
+        <LabeledItem label="updated at" value={formatDateTime(domain.updatedAt)} />
       </div>
     </div>
     <Await on={dnsResultsPromise} let:response={dnsResults}>

admin-client/src/pages/organization/Edit.svelte

@@ -42,13 +42,13 @@
     <form
       class="usa-form usa-form--large"
       on:submit|preventDefault={handleSubmit} >
-  
+
       <legend class="usa-legend usa-legend--large">Edit Organization</legend>
-  
+
       <p>
         Required fields are marked with an asterisk (<abbr title="required" class="usa-hint usa-hint--required">*</abbr>).
       </p>
-  
+
       <fieldset class="usa-fieldset">
         <label class="usa-label" for="name">Organization Name<abbr title="required" class="usa-hint usa-hint--required">*</abbr></label>
         <span class="usa-hint">Organization name must be globally unique</span>
@@ -104,7 +104,7 @@
         </div>
       </fieldset>
 
-      <fieldset class="usa-fieldset">
+      <fieldset class="usa-fieldset" disabled>
         <legend class="usa-legend usa-legend">Organization Status</legend>
         <div class="usa-radio">
           <input

admin-client/src/pages/organization/Index.svelte

@@ -1,7 +1,31 @@
 <script>
-  import { fetchOrganizations } from '../../lib/api';
+  import page from 'page';
+  import { notification } from '../../stores';
+  import { fetchOrganizations, deactivateOrganization, activateOrganization } from '../../lib/api';
   import { formatDateTime } from '../../helpers/formatter';
   import { DataTable, PaginatedQueryPage } from '../../components';
+
+  async function deactivate(id) {
+    // eslint-disable-next-line no-alert
+    if (!window.confirm('Are you sure you want to deactivate this organization?')) { return null; }
+    try {
+      await deactivateOrganization(id);
+      page('/organizations');
+      return notification.setSuccess(`Organization ${id} deactivated successfully!`);
+    } catch (error) {
+      return notification.setError(`Unable to deactivate organization ${id}: ${error.message}`);
+    }
+  }
+
+  async function activate(id) {
+    try {
+      await activateOrganization(id);
+      page('/organizations');
+      return notification.setSuccess(`Organization ${id} activated successfully!`);
+    } catch (error) {
+      return notification.setError(`Unable to activate organization ${id}: ${error.message}`);
+    }
+  }
 </script>
 
 <PaginatedQueryPage path="organizations" query={fetchOrganizations} addAction let:data>
@@ -52,7 +76,19 @@
         </ul>
       </td>
       <td>
-        <button class="usa-button usa-button--secondary">Delete</button>
+        {#if org.isActive}
+        <button
+          class="usa-button usa-button--secondary"
+          on:click={() => deactivate(org.id)}>
+          Deactivate
+        </button>
+        {:else}
+        <button
+          class="usa-button"
+          on:click={() => activate(org.id)}>
+          Activate
+        </button>
+        {/if}
       </td>
     </tr>
   </DataTable>

api/admin/controllers/build.js

@@ -69,7 +69,7 @@ module.exports = wrapHandlers({
     if (!build) return res.notFound();
 
     await build.update({ state });
-    EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Build Updated', { build: { id, state } });
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Build Updated', { build: { id, state } });
 
     return res.json(buildSerializer.serializeObject(build));
   },

api/admin/controllers/domain.js

@@ -80,7 +80,7 @@ module.exports = wrapHandlers({
 
     try {
       const domain = await Domain.create({ siteId, context, names });
-      EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Domain Created', { domain });
+      EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Domain Created', { domain });
       return res.json(domainSerializer.serialize(domain, true));
     } catch (err) {
       if (!err.errors) {
@@ -106,7 +106,7 @@ module.exports = wrapHandlers({
 
     try {
       await DomainService.destroy(domain);
-      EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Domain Destroyed', { domain });
+      EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Domain Destroyed', { domain });
       return res.json({});
     } catch (error) {
       return res.unprocessableEntity(error);
@@ -166,7 +166,7 @@ module.exports = wrapHandlers({
 
     try {
       const updatedDomain = await DomainService.deprovision(domain);
-      EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Domain Deprovisioned', { domain: updatedDomain });
+      EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Domain Deprovisioned', { domain: updatedDomain });
       return res.json({
         dnsRecords: DomainService.buildDnsRecords(updatedDomain),
         domain: domainSerializer.serialize(updatedDomain, true),
@@ -190,7 +190,7 @@ module.exports = wrapHandlers({
 
     try {
       const updatedDomain = await DomainService.provision(domain, dnsResults);
-      EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Domain Provisioned', { domain: updatedDomain });
+      EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Domain Provisioned', { domain: updatedDomain });
       return res.json({
         dnsRecords: DomainService.buildDnsRecords(updatedDomain),
         domain: domainSerializer.serialize(updatedDomain, true),

api/admin/controllers/organization-role.js

@@ -22,7 +22,7 @@ module.exports = wrapHandlers({
         userId: toInt(userId),
       },
     });
-    EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'OrganizationRole Removed', { organizationRole: { organizationId, userId } });
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'OrganizationRole Removed', { organizationRole: { organizationId, userId } });
 
     return res.json({});
   },
@@ -45,7 +45,7 @@ module.exports = wrapHandlers({
         userId: toInt(userId),
       },
     });
-    EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'OrganizationRole Updated', { organizationRole: { organizationId, userId, roleId } });
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'OrganizationRole Updated', { organizationRole: { organizationId, userId, roleId } });
     const member = await OrganizationRole.forOrganization(org)
       .findOne({ where: { userId: toInt(userId) } });
 

api/admin/controllers/organization.js

@@ -112,4 +112,30 @@ module.exports = wrapHandlers({
 
     return res.json(serialize(org));
   },
+
+  async deactivate(req, res) {
+    const {
+      params: { id },
+    } = req;
+
+    const org = await fetchModelById(id, Organization);
+    if (!org) return res.notFound();
+
+    const deactivatedOrg = await OrganizationService.deactivateOrganization(org);
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Organization Deactivated', { organization: deactivatedOrg });
+    return res.json(serialize(deactivatedOrg));
+  },
+
+  async activate(req, res) {
+    const {
+      params: { id },
+    } = req;
+
+    const org = await fetchModelById(id, Organization);
+    if (!org) return res.notFound();
+
+    const activatedOrg = await OrganizationService.activateOrganization(org);
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Organization Activated', { organization: activatedOrg });
+    return res.json(serialize(activatedOrg));
+  },
 });

api/admin/controllers/site.js

@@ -12,7 +12,7 @@ const updateableAttrs = [
 
 module.exports = wrapHandlers({
   listRaw: async (req, res) => {
-    const sites = await Site.findAll({ attributes: ['id', 'owner', 'repository'], raw: true });
+    const sites = await Site.findAll({ attributes: ['id', 'owner', 'repository', 'demoBranch'], raw: true });
     return res.json(sites);
   },
 
@@ -85,7 +85,7 @@ module.exports = wrapHandlers({
 
     // This will not remove the webhook since we don't have permissions
     await SiteDestroyer.destroySite(site);
-    EventCreator.audit(req.user, Event.labels.ADMIN_ACTION, 'Site Destroyed', { site });
+    EventCreator.audit(Event.labels.ADMIN_ACTION, req.user, 'Site Destroyed', { site });
 
     return res.json({});
   },