Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Promote SSL Cert #7091

Merged
merged 3 commits into from
Dec 15, 2023
Merged

Promote SSL Cert #7091

merged 3 commits into from
Dec 15, 2023

Conversation

alismx
Copy link
Collaborator

@alismx alismx commented Dec 14, 2023
edited
Loading

DEVOPS PULL REQUEST

Related Issue

Changes Proposed

  • This reverts the cert hardcoding and will allow us to dynamically pick up the new cert as it's been installed and tested on pentest and dev1.

Additional Information

  • You're awesome.
  • Deploying this as soon as I'm online and it has approvals
  • If things break (they shouldn't), the reversion plan is to create a new version with the old cert.

Testing

  • Please check the SSL certs for https://origin-dev.simplereport.gov and https://pentest.simplereport.gov.
    • The cert should be verified by Entrust
    • The cert should be for *.simplereport.gov
    • The cert should expire in December of 2024
    • The cert should also have a leaf and root cert, Entrust Certification Authority - L1K and Entrust Root Certification Authority - G2, both of which expire in 2030.
  • Our Terraform plan for all environments (minus dev1 and pentest) should update app gateways in place to use the new cert.

Checklist for Primary Reviewer

Infrastructure

  • Consult the results of the terraform-plan job inside the "Terraform Checks" workflow run for this PR. Confirm that there are no unexpected changes!

Security

  • Changes with security implications have been approved by a security engineer (changes to authentication, encryption, handling of PII, etc.)
  • Any dependencies introduced have been vetted and discussed

Cloud

  • Oncall has been notified if this change is going in after-hours
  • If there are changes that cannot be tested locally, this has been deployed to our Azure test, dev, or pentest environment for verification

Documentation

  • Any changes to the startup configuration have been documented in the README

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Dec 14, 2023

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@alismx alismx changed the title WIP Promote SSL Cert Dec 15, 2023
@alismx alismx marked this pull request as ready for review December 15, 2023 04:07
emyl3
emyl3 approved these changes Dec 15, 2023
View reviewed changes
Copy link
Collaborator

@emyl3 emyl3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Verified on the two envs you linked!

@alismx alismx added this pull request to the merge queue Dec 15, 2023
Merged via the queue into main with commit aa25fb9 Dec 15, 2023
71 checks passed
@alismx alismx deleted the alis/ssl_cert_update branch December 15, 2023 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emyl3 emyl3 emyl3 approved these changes

@mpbrown mpbrown mpbrown approved these changes

@fzhao99 fzhao99 fzhao99 approved these changes

@DanielSass DanielSass Awaiting requested review from DanielSass

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alismx @emyl3 @mpbrown @fzhao99