[Automated] Merged master into target k8s

department-of-veterans-affairs · Apr 10, 2024 · 86925b9 · 86925b9
2 parents 65c6932 + 8b6ace6
commit 86925b9
Show file tree

Hide file tree

Showing 8 changed files with 107 additions and 52 deletions.
diff --git a/config/settings.yml b/config/settings.yml
@@ -79,6 +79,8 @@ sign_in:
   vaweb_client_id: vaweb
   vamobile_client_id: vamobile
   arp_client_id: arp
+  sts_client:
+    key_path: spec/fixtures/sign_in/sts_client.pem
 
 terms_of_use:
   current_version: v1

diff --git a/db/seeds/development.rb b/db/seeds/development.rb
@@ -110,7 +110,7 @@
   access_token_audience: 'http://localhost:3978/api/messages',
   access_token_user_attributes: ['icn'],
   access_token_duration: SignIn::Constants::ServiceAccountAccessToken::VALIDITY_LENGTH_SHORT_MINUTES,
-  certificates: [File.read('spec/fixtures/sign_in/sample_service_account.crt')]
+  certificates: [File.read('spec/fixtures/sign_in/sts_client.crt')]
 )
 
 # Create config for accredited_representative_portal
@@ -124,3 +124,14 @@
             access_token_attributes: %w[first_name last_name email],
             refresh_token_duration: SignIn::Constants::RefreshToken::VALIDITY_LENGTH_SHORT_MINUTES,
             logout_redirect_uri: 'http://localhost:3001/representatives')
+
+# Create Service Account Config for BTSSS
+btsss = SignIn::ServiceAccountConfig.find_or_initialize_by(service_account_id: 'bbb5830ecebdef04556e9c430e374972')
+btsss.update!(
+  description: 'BTSSS',
+  scopes: [],
+  access_token_audience: 'http://localhost:3000',
+  access_token_user_attributes: ['icn'],
+  access_token_duration: SignIn::Constants::ServiceAccountAccessToken::VALIDITY_LENGTH_SHORT_MINUTES,
+  certificates: [File.read('spec/fixtures/sign_in/sts_client.crt')]
+)
diff --git a/spec/controllers/v0/sign_in_controller_spec.rb b/spec/controllers/v0/sign_in_controller_spec.rb
@@ -1637,7 +1637,7 @@
 
       context 'and assertion is a valid jwt' do
         let(:private_key) { OpenSSL::PKey::RSA.new(File.read(private_key_path)) }
-        let(:private_key_path) { 'spec/fixtures/sign_in/sample_service_account.pem' }
+        let(:private_key_path) { 'spec/fixtures/sign_in/sts_client.pem' }
         let(:assertion_payload) do
           {
             iss:,
@@ -1661,7 +1661,7 @@
         let(:expiration_time) { SignIn::Constants::AccessToken::VALIDITY_LENGTH_SHORT_MINUTES.since.to_i }
         let(:created_time) { Time.zone.now.to_i }
         let(:uuid) { 'some-uuid' }
-        let(:certificate_path) { 'spec/fixtures/sign_in/sample_service_account.crt' }
+        let(:certificate_path) { 'spec/fixtures/sign_in/sts_client.crt' }
         let(:version) { SignIn::Constants::AccessToken::CURRENT_VERSION }
         let(:assertion_certificate) { File.read(certificate_path) }
         let(:service_account_config) { create(:service_account_config, certificates: [assertion_certificate]) }

diff --git a/spec/fixtures/sign_in/sample_service_account.crt b/spec/fixtures/sign_in/sample_service_account.crt
diff --git a/spec/fixtures/sign_in/sample_service_account.pem b/spec/fixtures/sign_in/sample_service_account.pem
diff --git a/spec/fixtures/sign_in/sts_client.crt b/spec/fixtures/sign_in/sts_client.crt
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGZTCCBU2gAwIBAgIHPQAAAACU1zANBgkqhkiG9w0BAQsFADBIMRMwEQYKCZIm
+iZPyLGQBGRYDZ292MRIwEAYKCZImiZPyLGQBGRYCdmExHTAbBgNVBAMTFFZBLUlu
+dGVybmFsLVMyLUlDQTExMB4XDTI0MDQwNTE1MTkyOFoXDTI1MDQyOTE1MTkyOFow
+gY8xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRELkMuMRMwEQYDVQQHEwpXYXNoaW5n
+dG9uMSwwKgYDVQQKEyNVLlMuIERlcGFydG1lbnQgb2YgVmV0ZXJhbnMgQWZmYWly
+czEuMCwGA1UEAxMlc2lnbi1pbi1zZXJ2aWNlLXN0cy12ZXRzYXBpLWxvY2FsaG9z
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALs8ksbzx8CkeEh9FXTW
+UibrmN+Qnb/hfG3kAOvXvk1vvzzWTJFjWBzTmahdkHaVMUHEsJ9UPrL0e6j3z8w4
+rYY+4myxzVRE5K1qZ6/JofizdOmnrSPBkLenguOGWBLoNZOVgXuXKnCRif8LexdK
+0i7NDhZNF6iM4gJD6fqstSHrfSZTAuqPjQX5o7QccAhJxy/3UWnPJloq35LnhLbi
+vGJGHiQ1dqpWxiHo4R8pz9TnsUJb8YEBeIIjWq5CI9lQo0I7bevRUJtcPzkTUm7P
+Kb3PolPtCBPzd9OpaOZh5SdlqK8DoNopH70pOgmqaCD6ZfyjLP/Vhu2d6PzSGknq
+wAi8YSYYH6TPX25H1VUVnK9F+c/7bEWjgS9ILHZzQ+QugjPs4/rll1/ch2nyLf2R
+lZWjwVkf5qllQcNxlg9bQWGp/XeUV4tDLacFQTULY5Xf9w7rdhsYDkuYtTuj4rz3
++SLEW/weuZ8754CdfQZ3BC+1M53cFcR4A3q9sA9tyloSUmjiKgAZ7Wy2e5IRzfOc
+5XQ2lSTIDOLjat91tvUzixwI33JpEDHAQSJvtHkxxCf4s8vacLhz+7Pmy99hc9di
+CscDONuoiQJ9W33pkBE8tWCWgmLVMg+GOFyZm1qobZi+v5E4JKZhAPQdgra40vaf
+CXQI1ONxoaM3Wi7YT9k+trb9AgMBAAGjggIKMIICBjBeBgNVHREEVzBVgixzaWdu
+LWluLXNlcnZpY2Utc3RzLXZldHNhcGktbG9jYWxob3N0LnZhLmdvdoIlc2lnbi1p
+bi1zZXJ2aWNlLXN0cy12ZXRzYXBpLWxvY2FsaG9zdDAdBgNVHQ4EFgQUNPHxnzG2
+aPw2OWbj7j9OvUL2+i0wHwYDVR0jBBgwFoAUIliIGSkXgZad98moGCx1KnwULKkw
+RwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5wa2kudmEuZ292L3BraS9jcmwv
+VkEtSW50ZXJuYWwtUzItSUNBMTEuY3JsMHkGCCsGAQUFBwEBBG0wazBFBggrBgEF
+BQcwAoY5aHR0cDovL2FpYS5wa2kudmEuZ292L3BraS9haWEvdmEvVkEtSW50ZXJu
+YWwtUzItSUNBMTEuY2VyMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5wa2kudmEu
+Z292MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgTwMD0GCSsGAQQBgjcVBwQwMC4G
+JisGAQQBgjcVCIHIwzOB+fAGgaWfDYTggQiFwqpLBoWUjgGCoog/AgFkAgEwMB0G
+A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAnBgkrBgEEAYI3FQoEGjAYMAoG
+CCsGAQUFBwMBMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA2NsYsrw0h
+lILTMpN2K5WU5SqSsXB/zfkg9oql2Gs6zxG6lnaIiOEzTnNZo920uXdzAlBOyyfj
+jEUEAzhWSUvLvNOH6lvM5PCizOyWYvDOGECwGIxIa++Nu+XR+tnakd3AZ/Y77nx8
+RN/7ZcK4uSTXqHASZIERT4PlCN1MHf/7nsNQM1+WJZjKJ2wbQdxfaP8mu3PoFKq1
+Cq7DIz5vdFIm5mI+pYXSZW0y4DWa5jQ5v4yaLOhwVB5K3ewIeidjyrrsCbbRNyLe
+S6n2NWmidgrVLw59RO87nYqV9oHelrUyt79bjo3SrL20Mv0ePzDXjqdzi9avxkbn
+zQNNc53xge5r
+-----END CERTIFICATE-----
diff --git a/spec/fixtures/sign_in/sts_client.pem b/spec/fixtures/sign_in/sts_client.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC7PJLG88fApHhI
+fRV01lIm65jfkJ2/4Xxt5ADr175Nb7881kyRY1gc05moXZB2lTFBxLCfVD6y9Huo
+98/MOK2GPuJssc1UROStamevyaH4s3Tpp60jwZC3p4LjhlgS6DWTlYF7lypwkYn/
+C3sXStIuzQ4WTReojOICQ+n6rLUh630mUwLqj40F+aO0HHAISccv91FpzyZaKt+S
+54S24rxiRh4kNXaqVsYh6OEfKc/U57FCW/GBAXiCI1quQiPZUKNCO23r0VCbXD85
+E1Juzym9z6JT7QgT83fTqWjmYeUnZaivA6DaKR+9KToJqmgg+mX8oyz/1Ybtnej8
+0hpJ6sAIvGEmGB+kz19uR9VVFZyvRfnP+2xFo4EvSCx2c0PkLoIz7OP65Zdf3Idp
+8i39kZWVo8FZH+apZUHDcZYPW0Fhqf13lFeLQy2nBUE1C2OV3/cO63YbGA5LmLU7
+o+K89/kixFv8HrmfO+eAnX0GdwQvtTOd3BXEeAN6vbAPbcpaElJo4ioAGe1stnuS
+Ec3znOV0NpUkyAzi42rfdbb1M4scCN9yaRAxwEEib7R5McQn+LPL2nC4c/uz5svf
+YXPXYgrHAzjbqIkCfVt96ZARPLVgloJi1TIPhjhcmZtaqG2Yvr+ROCSmYQD0HYK2
+uNL2nwl0CNTjcaGjN1ou2E/ZPra2/QIDAQABAoICAQCPeUQTtfwsDxuomEjXxd8f
+ucrkDWIEBdoeLufR0PkfR3DoQmJbyh9bv31wOXoYlAwxlHGvNZPx90vG11Xg7NFz
+HD7PAZQQbdY5WF7pof0+oO0Gmpke3BVz1aWDiY91tYBQffDBbr1zkuKGkBqbZ5cV
+i8WuqxZk7sfE6puhnbQSsOuucU+7w5JRsNCTlHL4tuguRjqZdMWztESrwkK9DZND
+Tu2L23f54RJkK5pOEfES+ROogOHXc/QO7N5wx3fG73aaqwV4/WTiF9bOepLhHFek
+/jUqUGivORJqG9epKfy5qrmOmp4obfjHL48slurB0n5SEAvMYqfI7wb4rFq+p2bM
+O1iYr4tcapoTKImOUoYOWTYKr3+SLXpqttZBYwtP9fMQccpg/DwpaLn+shCfrac1
+qvysyZzpYz9iLoVKG/sAHiand/OcdPwdC2SfoCKqqL68fSTY/Ppwkias7Kii4IU8
+ml7aY9u+XDpYTo+aeu0P+kYj6wTbeOhjDw1trN9y0+ZNgvFxX3b1ylhMBdOvZ//F
+PioUoK8rrWYIr0p+ujZEAda850UCHwXSzdg5Ro1m2hMqvQtnSrpSJWLp2Ep9rI8Z
+Z1s9QfpLh5NvIWLAdOFdfv5QpsPqsvm9IFSCvramT4463iIPIlJEGAcdKcy0t8ke
+TOf9T8tviK9tmOMwMQiw1QKCAQEA2JCO4FiDM5lrDPdEsoGOARg2MPT/z2hepXDC
+jLUL/ifDperF59Jyhzeox7rwtFImDQn4eEbqyrRJB0S1j9p9Xe3p1ymJKLr4x+Od
+3LRxGYkHNDAR+xyNZjKFggnwuuc4MS6mxVPKXbUOPTN+Xj6sWlneL0gOq5+4/WhZ
+NF2hfQlZCqv9sQvkbJJxx/Rp+TO76avtwqv5+sbzzWQJV/OZY3gF82JAhPjKCTtr
+VfWXnPeac1j+ETFyd5F16lgz2Qpmfp7fEO13g/kB41aLvsZf+uSz9q6FCnZZzx3A
+9RrWANXSiQXsIPFb9tBc2R4NyJ787dHrwQqKFs9L1Tth0WpbIwKCAQEA3VTZgd3/
+6HCiB45ECU2vKVI9S8Rd0/3wZy/9XJSxBapNQxcGQLDUKqb0A8l7iyaTiqdKWykT
+abKeHWLrUk5gZ34UB2qtuowzDUfrlfOI+luXNf1jU9Qp2NDX1Mrt7aMxuaGwYTty
+x1h/iKAlXhEHz6M9BAk7sKDjZ1f5iupazKvCy1bwcirQscpiolD1qnKepOkUDqmV
+4UvJVU6x/ENKYz4bvO4ZgMY7s7uo4pQHxiOExiiQYBR/rbXE9Q3vutUWeNKWjlzZ
+XzX9BuShdviZcHmuFr5MqM8Qxgbj+PCvvJcLDOmX2BeDle1E3Je5A4f3DUbof/Ww
+WqLDSFKd7wJXXwKCAQEAuaUSFZdKwUzey7qcFTmh9aY/rjAXqkCaAdBrthrtMO39
+dZmQFW3955P7B1xlQu6416yYZuLEGwf5IlXwHmT52y87qcpdXaEJ6rBgfvXfjjg9
+CKu8fjq3q8fbUuIajt3u+Zo4NCfj7fhrQGOIDFpFfR5UrMtkaBL/jZuJ/K3W5UzC
+G7fcPY0oPzo6d2I6BfonN+S+aIbsP+GU1ZjPuamE8BPPZhfvnw12g/t/w6xIT7Kh
+oAfFpA9zRLRZFI6Pw5p6ykh+iBBIx8UJrUxfdyau2HB9JRXtzk4uJrIm2vYqRYUG
+eZeuF39PioCLV0PAJR7FS0kMg+r4/RyusRe6fr5haQKCAQA4ICsj9pLNc7py5g20
+ukFf3h3zF7Gfb3bGA/Jgxsf5Is2C5NTOFMlIo5ufVjmA+OBTOcbuRQVKOWRFGW+J
+KJzjwaH8m33An4rWpFVGakJjElTO+Rl2CYgvFg6VRHx/VXHnm+vpTDT3/iYhFFNF
+flYXvlJbsqezS6k+7J04L+OkoS29eKdynA7d9u96L8OMXJKESSKv8SszvY8pldIm
+oT282uQXzd0jvaEoG79g7Z7nDNy/j0vFQY17FGwEpGsVWrHfI6/QHBV3Qm6Oj+2u
+CK6ISiLuW4V/DTs4rEilOQunbDn+JUI/Jv9URp2+vq7JCXKJqGCPClOVOE8DCQhJ
+srNLAoIBAQDPF/+7PL0Br6YDjVEHQ1kWktK0GZqwP6OyFkKgeCKq6PBjv8BCtq6a
+oltzMmcrZCmhpsv81szyk9R90g/N076I4RwHFpuxecikOSDHoQotqXE42rXcXk4f
+3Esgi+qQI4KWbUP2ndA2y28W3wc0wbt8zCMU+/LRzs74/roPdvYC+Zl8PWkW5cbt
+51bAK6VZm6QhTWGXxzWU4Uw57hsPlw/1YU8Zxvq62iyDxP8uaOqrIEjI/1W3tpZu
+bJRpBxF8BkKVRc9oVhRz0TZwz/6vnyqD+W2vb40VIWESABg0yruZjlcns8v6kgy2
+TIB3lEXMXkuee+jO8i+FKa6H0T8rah+w
+-----END PRIVATE KEY-----
diff --git a/spec/services/sign_in/assertion_validator_spec.rb b/spec/services/sign_in/assertion_validator_spec.rb
@@ -7,7 +7,7 @@
     subject { SignIn::AssertionValidator.new(assertion:).perform }
 
     let(:private_key) { OpenSSL::PKey::RSA.new(File.read(private_key_path)) }
-    let(:private_key_path) { 'spec/fixtures/sign_in/sample_service_account.pem' }
+    let(:private_key_path) { 'spec/fixtures/sign_in/sts_client.pem' }
     let(:assertion_payload) do
       {
         iss:,
@@ -30,7 +30,7 @@
     let(:service_account_audience) { service_account_config.access_token_audience }
     let(:assertion_encode_algorithm) { SignIn::Constants::Auth::ASSERTION_ENCODE_ALGORITHM }
     let(:assertion) { JWT.encode(assertion_payload, private_key, assertion_encode_algorithm) }
-    let(:certificate_path) { 'spec/fixtures/sign_in/sample_service_account.crt' }
+    let(:certificate_path) { 'spec/fixtures/sign_in/sts_client.crt' }
     let(:assertion_certificate) { File.read(certificate_path) }
     let(:token_route) { "https://#{Settings.hostname}#{SignIn::Constants::Auth::TOKEN_ROUTE_PATH}" }