83215 - Create sign_in_certificates table #16791

Closed

@dickdavis dickdavis commented May 17, 2024

Summary

This PR creates the sign_in_certificates table. Currently, certificates for SiS configurations are stored directly within the configuration as an array.

The draft PR to create the model can be found here: #16797

Related issue(s)

https://app.zenhub.com/workspaces/identity-5f5bab705a94c9001ba33734/issues/gh/department-of-veterans-affairs/va.gov-team/83215

Testing done

Migration succeeds and creates table with specified columns.

Screenshots

Not relevant.

What areas of the site does it impact?

Sign-in Service

Acceptance criteria

  • I fixed|updated|added unit tests and integration tests for each feature (if applicable).
  • No error nor warning in the console.
  • Events are being sent to the appropriate logging solution
  • Documentation has been updated (link to documentation)
  • No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs
  • Feature/bug has a monitor built into Datadog or Grafana (if applicable)
  • If app impacted requires authentication, did you login to a local build and verify all authenticated routes work as expected
  • I added a screenshot of the developed feature

Requested Feedback

Any other fields needed?

@dickdavis dickdavis marked this pull request as ready for review May 17, 2024 20:48
@dickdavis dickdavis requested review from a team as code owners May 17, 2024 20:48
rjohnson2011 previously approved these changes May 20, 2024

@bosawt bosawt left a comment

some comments on the schema, I'm really gonna have to do some research on successful polymorphic models cause I'm still not convinced they're ever a good idea

@@ -0,0 +1,15 @@
class CreateSignInCertificates < ActiveRecord::Migration[7.1]
def change
create_table :sign_in_certificates do |t|
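Review bot: at `create_table :sign_in_certificates do |t|`, nothing in the call documents which columns are authoritative and which are copies of values already inside the stored certificate. Consider passing a `comment:` option to `create_table` (and to each derived column) stating that those columns are derived from the certificate and must be populated by parsing it, never entered by hand. Only the first three of the 15 added lines are visible here, so the column definitions themselves cannot be checked.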
Contributor

Is it valuable to have any of the attribute fields other than the certificate itself? I feel like the schema shouldn't have any fields that are already available on the cert itself, otherwise there could be user error in the stored attributes versus what's actually on the cert

Contributor Author

Having the fields stored in columns on the table allows us to leverage the ORM to query for expired, expiring, and self-signed certificates more efficiently.

The alternative would be to instantiate an X.509 certificate object for every certificate stored in the table and then iterate through them to find all the certificates that match whatever criteria there are (expired, expiring, self-signed, etc.). This is the approach I used in my original PR.

I'd go so far as to say if we don't store the fields in columns, then this refactor is probably unnecessary.

Contributor Author

@dickdavis dickdavis May 21, 2024

🤔 I could add a validation that ensures the attributes for the certificate stored in the plaintext column match the values in the corresponding columns for the record.

db/migrate/20240517145354_create_sign_in_certificates.rb (outdated)
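The consistency check discussed in the review thread above, as an added example (not code from this PR or from the project): the queryable values are derived from the stored PEM with Ruby's OpenSSL library and compared with what the record holds. The column names, the hash standing in for a model record, and the sample certificate are assumptions constructed for illustration.

```ruby
require "openssl"

# Derive the queryable values from the PEM itself, so the stored attributes
# are never typed in by hand. Column names here are hypothetical.
def derived_attributes(pem)
  cert = OpenSSL::X509::Certificate.new(pem)
  same_name = cert.issuer.to_s == cert.subject.to_s
  {
    subject: cert.subject.to_s,
    issuer: cert.issuer.to_s,
    serial: cert.serial.to_s,
    not_before: cert.not_before.utc,
    not_after: cert.not_after.utc,
    # Self-signed: issuer equals subject AND the signature verifies
    # against the certificate's own public key.
    self_signed: same_name && cert.verify(cert.public_key)
  }
end

# Returns the names of stored columns that disagree with the certificate.
# `record` is a plain Hash standing in for a model instance (assumption).
def mismatched_attributes(record)
  derived = derived_attributes(record.fetch(:pem))
  derived.reject { |name, value| record[name] == value }.keys
rescue OpenSSL::X509::CertificateError
  [:pem] # the stored PEM does not parse, so nothing derived can be trusted
end

# Constructed sample input: a throwaway self-signed certificate built in memory.
def sample_pem(cn: "sis-client.example", days: 30)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end
```

In a Rails model the same comparison would run as a validation, with the columns filled from `derived_attributes` before save so that queries for expired or self-signed certificates read values that came from the certificate itself.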
@dickdavis

Closing this PR. May revisit this idea when we tackle the certificate management epic.
