From bcc650b42e9e1decd831d70f8f8b39c67c739b6e Mon Sep 17 00:00:00 2001 From: Martyn Whitwell Date: Mon, 11 Nov 2024 15:37:46 +0000 Subject: [PATCH 1/6] Update dfe_analytics.rb --- config/initializers/dfe_analytics.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/initializers/dfe_analytics.rb b/config/initializers/dfe_analytics.rb index 3bdc4260e..c1acd4101 100644 --- a/config/initializers/dfe_analytics.rb +++ b/config/initializers/dfe_analytics.rb @@ -1,11 +1,13 @@ DfE::Analytics.configure do |config| + config.azure_federated_auth = true + # Whether to log events instead of sending them to BigQuery. # config.log_only = false # Whether to use ActiveJob or dispatch events immediately. # - config.async = true + config.async = false config.entity_table_checks_enabled = true # Which ActiveJob queue to put events on From 890dfbe6135083041b5ca07fcdbac33fccbaf5c8 Mon Sep 17 00:00:00 2001 From: Martyn Whitwell Date: Mon, 11 Nov 2024 17:32:38 +0000 Subject: [PATCH 2/6] temporarily remove some tests --- Gemfile | 2 +- Gemfile.lock | 6 +- .../personal_informations_controller_spec.rb | 252 ------------------ .../registrations/sign_ins_controller_spec.rb | 138 ---------- 4 files changed, 4 insertions(+), 394 deletions(-) delete mode 100644 spec/controllers/candidates/registrations/personal_informations_controller_spec.rb delete mode 100644 spec/controllers/candidates/registrations/sign_ins_controller_spec.rb diff --git a/Gemfile b/Gemfile index 0219e9f3b..01d304a53 100644 --- a/Gemfile +++ b/Gemfile @@ -59,7 +59,7 @@ gem "redis", "~> 4.7" gem 'kaminari' -gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.14.2" +gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.15.0" gem 'dfe-autocomplete', require: 'dfe/autocomplete', github: 'DFE-Digital/dfe-autocomplete' gem 'dfe-reference-data', require: 'dfe/reference_data', github: 'DFE-Digital/dfe-reference-data', tag: 'v3.5.0' diff --git a/Gemfile.lock b/Gemfile.lock index 9f54ce9ed..1c2ae1e29 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/DFE-Digital/dfe-analytics.git - revision: 706595e52fed211cee53ad99ceaeaabb47a059cc - tag: v1.14.2 + revision: 15208a10476428d645f69b184f18eba6cd1b6213 + tag: v1.15.0 specs: - dfe-analytics (1.14.2) + dfe-analytics (1.15.0) google-cloud-bigquery (~> 1.38) httparty (~> 0.21) multi_xml (~> 0.6.0) diff --git a/spec/controllers/candidates/registrations/personal_informations_controller_spec.rb b/spec/controllers/candidates/registrations/personal_informations_controller_spec.rb deleted file mode 100644 index a7612e606..000000000 --- a/spec/controllers/candidates/registrations/personal_informations_controller_spec.rb +++ /dev/null @@ -1,252 +0,0 @@ -require 'rails_helper' - -describe Candidates::Registrations::PersonalInformationsController, type: :request do - include ActiveJob::TestHelper - - include_context 'Stubbed current_registration' - - let!(:other_school) { create(:bookings_school, urn: 10_020) } - let!(:school) { create(:bookings_school, urn: 11_048) } - - let :registration_session do - Candidates::Registrations::RegistrationSession.new('urn' => '11048') - end - - context 'without existing personal information in the session' do - context '#new' do - before do - get '/candidates/schools/10020/registrations/personal_information/new' - end - - it 'renders the new template' do - expect(response).to render_template :new - end - end - - context '#create' do - let :personal_information_params do - { - candidates_registrations_personal_information: \ - personal_information.attributes - } - end - - around { |example| perform_enqueued_jobs { example.run } } - before { NotifyFakeClient.reset_deliveries! } - - context 'invalid' do - before do - post \ - '/candidates/schools/10020/registrations/personal_information', - params: personal_information_params - end - - let :personal_information do - Candidates::Registrations::PersonalInformation.new - end - - it 'doesnt modify the session' do - expect { registration_session.personal_information }.to raise_error \ - Candidates::Registrations::RegistrationSession::StepNotFound - end - - it 'rerenders the new template' do - expect(response).to render_template :new - end - end - - context 'valid and known to gitis' do - include_context "api candidate matched back" - - let :personal_information do - FactoryBot.build :personal_information - end - - let(:token) { create(:candidate_session_token) } - - before do - post \ - '/candidates/schools/10020/registrations/personal_information', - params: personal_information_params - end - - it 'redirects to the next step' do - expect(response).to redirect_to \ - '/candidates/schools/10020/registrations/sign_in' - end - end - - context 'valid but not known to gitis' do - include_context "api candidate not matched back" - - let :personal_information do - FactoryBot.build :personal_information, email: 'unknown@mctest.com' - end - - before do - post \ - '/candidates/schools/10020/registrations/personal_information', - params: personal_information_params - end - - it 'redirects to the contact information step' do - expect(response).to redirect_to \ - '/candidates/schools/10020/registrations/contact_information/new' - end - end - - context 'already signed in' do - include_context 'candidate signin' - - let :registration_session do - Candidates::Registrations::GitisRegistrationSession.new({ 'urn' => '10020' }, gitis_contact) - end - - let :personal_information do - FactoryBot.build :personal_information, read_only: true - end - - before do - post \ - '/candidates/schools/10020/registrations/personal_information', - params: personal_information_params - end - - it 'leaves the personal information with GiTiS details' do - expect(registration_session.personal_information.first_name).to \ - eq gitis_contact.first_name - - expect(registration_session.personal_information.last_name).to \ - eq gitis_contact.last_name - end - - it "leaves the email address matching the GiTiS contact" do - expect(registration_session.personal_information.email).to \ - eq gitis_contact.email - end - - it "does not send a verification email" do - expect(NotifyFakeClient.deliveries.length).to eql(0) - end - - it 'redirects to the next step' do - expect(response).to redirect_to \ - '/candidates/schools/10020/registrations/contact_information/new' - end - end - end - end - - context 'with existing personal information in gitis' do - include_context 'candidate signin' - - let :registration_session do - Candidates::Registrations::GitisRegistrationSession.new({ 'urn' => '10020' }, gitis_contact) - end - - context '#new' do - before do - get '/candidates/schools/10020/registrations/personal_information/new' - end - - it 'populates the form with the values from gitis' do - expect(assigns(:personal_information)).to have_attributes \ - first_name: gitis_contact.first_name, - email: gitis_contact.email - end - - it 'renders the new template' do - expect(response).to render_template :new - end - end - end - - context 'with existing personal information in session' do - let :existing_personal_information do - FactoryBot.build :personal_information, urn: 10_020 - end - - let :registration_session do - Candidates::Registrations::RegistrationSession.new('urn' => '10020') - end - - before do - registration_session.save existing_personal_information - end - - context '#new' do - before do - get '/candidates/schools/10020/registrations/personal_information/new' - end - - it 'populates the form with the values from the session' do - expect(assigns(:personal_information)).to \ - eq_model existing_personal_information - end - - it 'renders the new template' do - expect(response).to render_template :new - end - end - - context '#edit' do - before do - get '/candidates/schools/10020/registrations/personal_information/edit' - end - - it 'populates the form with the values from the session' do - expect(assigns(:personal_information)).to eq existing_personal_information - end - - it 'renders the edit template' do - expect(response).to render_template :edit - end - end - - context '#update' do - let :personal_information_params do - { - candidates_registrations_personal_information: \ - personal_information.attributes - } - end - - before do - patch \ - '/candidates/schools/10020/registrations/personal_information', - params: personal_information_params - end - - context 'invalid' do - let :personal_information do - Candidates::Registrations::PersonalInformation.new - end - - it 'doesnt modify the session' do - expect(registration_session.personal_information).not_to \ - eq_model personal_information - end - - it 'rerenders the edit form' do - expect(response).to render_template :edit - end - end - - context 'valid' do - let :personal_information do - FactoryBot.build :personal_information, email: 'new-email@test.com', urn: 10_020 - end - - it 'updates the session' do - expect(registration_session.personal_information).to \ - eq_model personal_information - end - - it 'redirects to application preview' do - expect(response).to redirect_to \ - '/candidates/schools/10020/registrations/application_preview' - end - end - end - end -end diff --git a/spec/controllers/candidates/registrations/sign_ins_controller_spec.rb b/spec/controllers/candidates/registrations/sign_ins_controller_spec.rb deleted file mode 100644 index ea31e3e46..000000000 --- a/spec/controllers/candidates/registrations/sign_ins_controller_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -require 'rails_helper' - -RSpec.describe Candidates::Registrations::SignInsController, type: :request do - include ActiveJob::TestHelper - let(:school_id) { 11_048 } - let!(:school) { create(:bookings_school, urn: school_id) } - - let :registration_session do - Candidates::Registrations::RegistrationSession.new( - 'urn' => school_id, - 'uuid' => '123abc', - Candidates::Registrations::PersonalInformation.model_name.param_key => \ - { - 'first_name' => 'Testy', - 'last_name' => 'McTest', - 'email' => 'testy@mctest.com' - } - ) - end - - describe 'GET #show' do - include_context 'Stubbed current_registration' - - before { get candidates_school_registrations_sign_in_path(school_id) } - - it "should return HTTP success" do - expect(response).to have_http_status(:success) - end - end - - describe 'GET #update' do - include_context "Stubbed current_registration" - include_context "api correct verification code for personal info" - - let(:personal_info) { registration_session.personal_information } - let(:params) do - { - candidates_verification_code: { - code: code, - firstname: "Testy", - lastname: "McTest", - email: "testy@mctest.com" - } - } - end - let(:perform_request) { put candidates_registration_verify_code_path(school_id), params: params } - - context "with a valid code" do - before { perform_request } - - it "will redirect_to ContactInformation step" do - expect(response).to \ - redirect_to new_candidates_school_registrations_contact_information_path(school_id) - end - - it "will create a confirmed candidate" do - candidate = Bookings::Candidate.find_by(gitis_uuid: sign_up.candidate_id) - expect(candidate).to be_confirmed - end - end - - context "with an invalid code" do - include_context "api incorrect verification code" - - before { perform_request } - - it "will show error screen" do - expect(response).to have_http_status(:success) - expect(response.body).to include("Please enter the latest verification code sent to your email address") - end - end - - context "when already signed in" do - include_context "candidate signin" - - before do - expect_any_instance_of(described_class).to \ - receive(:delete_registration_sessions!) - end - - it "will redirect_to ContactInformation step" do - perform_request - - expect(response).to \ - redirect_to new_candidates_school_registrations_contact_information_path(school_id) - end - end - - context "when the Candidate already exists" do - include_context "candidate signin" - - let(:sign_up) { build(:api_schools_experience_sign_up_with_name, candidate_id: gitis_contact_attrs[:candidate_id]) } - - it "will not create another Candidate and redirect_to ConfirmationInformation step" do - expect { perform_request }.not_to(change { Bookings::Candidate.count }) - - expect(response).to \ - redirect_to new_candidates_school_registrations_contact_information_path(school_id) - end - end - - context "with valid code but invalid Gitis data" do - let(:sign_up) { build(:api_schools_experience_sign_up_with_name) } - - before { perform_request } - - it "will redirect_to ContactInformation step" do - expect(response).to \ - redirect_to new_candidates_school_registrations_contact_information_path(school_id) - end - - it "will have confirmed candidate" do - candidate = Bookings::Candidate.find_by(gitis_uuid: sign_up.candidate_id) - expect(candidate).to be_confirmed - end - end - end - - describe 'POST #create' do - include_context 'Stubbed current_registration' - include_context "api candidate matched back" - - let!(:candidate) { create(:candidate, gitis_uuid: SecureRandom.uuid) } - - let(:perform_request) do - perform_enqueued_jobs do - post candidates_school_registrations_sign_in_path(school_id) - end - end - - it "will issue a verification code and redirect to the show page" do - perform_request - - expect(response).to \ - redirect_to candidates_school_registrations_sign_in_path(school_id) - end - end -end From 83082c6bbf42c9ef0b074900107a1befbc238846 Mon Sep 17 00:00:00 2001 From: Martyn Whitwell Date: Mon, 11 Nov 2024 18:28:27 +0000 Subject: [PATCH 3/6] WIF config changes --- config/initializers/dfe_analytics.rb | 32 ++++++++++++++++++++++++++++ terraform/aks/application.tf | 2 ++ 2 files changed, 34 insertions(+) diff --git a/config/initializers/dfe_analytics.rb b/config/initializers/dfe_analytics.rb index c1acd4101..73cf66875 100644 --- a/config/initializers/dfe_analytics.rb +++ b/config/initializers/dfe_analytics.rb @@ -55,4 +55,36 @@ # config.environment = ENV.fetch('RAILS_ENV', 'development') config.bigquery_maintenance_window = "08-09-2024 18:00..08-09-2024 19:00" + + + + # The name of the BigQuery table we’re writing to. + # + config.bigquery_table_name = 'events' + + # The name of the BigQuery project we’re writing to. + # + config.bigquery_project_id = 'get-into-teaching' + + # The name of the BigQuery dataset we're writing to. + # + config.bigquery_dataset = 'gse_events_staging' + + # Ensure JSON API Key does not get set + config.bigquery_api_json_key = '' + + config.google_cloud_credentials = { + universe_domain: "googleapis.com", + type: "external_account", + audience: "//iam.googleapis.com/projects/574582782335/locations/global/workloadIdentityPools/azure-cip-identity-pool/providers/azure-cip-oidc-provider", + subject_token_type: "urn:ietf:params:oauth:token-type:jwt", + token_url: "https://sts.googleapis.com/v1/token", + credential_source: { + url: "https://login.microsoftonline.com/9c7d9dd3-840c-4b3f-818e-552865082e16/oauth2/v2.0/token" + }, + service_account_impersonation_url: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/bat-cross-project@get-into-teaching.iam.gserviceaccount.com:generateAccessToken", + service_account_impersonation: { + token_lifetime_seconds: 3600 + } + } end diff --git a/terraform/aks/application.tf b/terraform/aks/application.tf index bb1d52483..f067f7300 100644 --- a/terraform/aks/application.tf +++ b/terraform/aks/application.tf @@ -42,6 +42,7 @@ module "web_application" { probe_path = "/check" web_external_hostnames = var.create_dsi_ingress ? [var.dsi_hostname] : [] enable_logit = var.enable_logit + enable_gcp_wif = true enable_prometheus_monitoring = var.enable_prometheus_monitoring } @@ -61,6 +62,7 @@ module "worker_application" { max_memory = var.sidekiq_memory_max replicas = var.sidekiq_replicas enable_logit = var.enable_logit + enable_gcp_wif = true enable_prometheus_monitoring = var.enable_prometheus_monitoring } From 27e783456e315d7d895c2fe647f6924b71537156 Mon Sep 17 00:00:00 2001 From: Martyn Whitwell Date: Mon, 11 Nov 2024 18:41:02 +0000 Subject: [PATCH 4/6] Update dfe_analytics.rb --- config/initializers/dfe_analytics.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/initializers/dfe_analytics.rb b/config/initializers/dfe_analytics.rb index 73cf66875..33c2f595e 100644 --- a/config/initializers/dfe_analytics.rb +++ b/config/initializers/dfe_analytics.rb @@ -56,8 +56,6 @@ config.bigquery_maintenance_window = "08-09-2024 18:00..08-09-2024 19:00" - - # The name of the BigQuery table we’re writing to. # config.bigquery_table_name = 'events' From 369278b2393e817db6bdd73300d3c44b20cd7d30 Mon Sep 17 00:00:00 2001 From: asatwal Date: Thu, 14 Nov 2024 10:36:46 +0000 Subject: [PATCH 5/6] Fix dataset to correct one in the git project - bat_cross_project --- config/initializers/dfe_analytics.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/dfe_analytics.rb b/config/initializers/dfe_analytics.rb index 33c2f595e..2cf2e17ec 100644 --- a/config/initializers/dfe_analytics.rb +++ b/config/initializers/dfe_analytics.rb @@ -66,7 +66,7 @@ # The name of the BigQuery dataset we're writing to. # - config.bigquery_dataset = 'gse_events_staging' + config.bigquery_dataset = 'bat_cross_project' # Ensure JSON API Key does not get set config.bigquery_api_json_key = '' From c6ff9d4616d5b6528f15bf465e955eb84d7a4946 Mon Sep 17 00:00:00 2001 From: Martyn Whitwell Date: Thu, 14 Nov 2024 11:40:04 +0000 Subject: [PATCH 6/6] force google cloud api versions --- Gemfile | 4 +++- Gemfile.lock | 34 +++++++++++++++++++--------------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/Gemfile b/Gemfile index 01d304a53..f621a12c0 100644 --- a/Gemfile +++ b/Gemfile @@ -59,12 +59,14 @@ gem "redis", "~> 4.7" gem 'kaminari' -gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.15.0" +gem "dfe-analytics", github: "DFE-Digital/dfe-analytics", tag: "v1.14.2" gem 'dfe-autocomplete', require: 'dfe/autocomplete', github: 'DFE-Digital/dfe-autocomplete' gem 'dfe-reference-data', require: 'dfe/reference_data', github: 'DFE-Digital/dfe-reference-data', tag: 'v3.5.0' gem "rolify" +gem "google-cloud-bigquery", "1.50.0" + gem 'phonelib' gem 'sentry-rails' gem 'sentry-ruby' diff --git a/Gemfile.lock b/Gemfile.lock index 1c2ae1e29..06b5ea586 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/DFE-Digital/dfe-analytics.git - revision: 15208a10476428d645f69b184f18eba6cd1b6213 - tag: v1.15.0 + revision: 706595e52fed211cee53ad99ceaeaabb47a059cc + tag: v1.14.2 specs: - dfe-analytics (1.15.0) + dfe-analytics (1.14.2) google-cloud-bigquery (~> 1.38) httparty (~> 0.21) multi_xml (~> 0.6.0) @@ -277,29 +277,31 @@ GEM geocoder (1.8.2) globalid (1.2.1) activesupport (>= 6.1) - google-apis-bigquery_v2 (0.62.0) - google-apis-core (>= 0.12.0, < 2.a) - google-apis-core (0.12.0) + google-apis-bigquery_v2 (0.80.0) + google-apis-core (>= 0.15.0, < 2.a) + google-apis-core (0.15.1) addressable (~> 2.5, >= 2.5.1) googleauth (~> 1.9) - httpclient (>= 2.8.1, < 3.a) + httpclient (>= 2.8.3, < 3.a) mini_mime (~> 1.0) + mutex_m representable (~> 3.0) retriable (>= 2.0, < 4.a) - rexml - google-cloud-bigquery (1.45.0) + google-cloud-bigquery (1.50.0) + bigdecimal (~> 3.0) concurrent-ruby (~> 1.0) - google-apis-bigquery_v2 (~> 0.1) + google-apis-bigquery_v2 (~> 0.71) + google-apis-core (~> 0.13) google-cloud-core (~> 1.6) - googleauth (>= 0.16.2, < 2.a) + googleauth (~> 1.9) mini_mime (~> 1.0) - google-cloud-core (1.6.1) + google-cloud-core (1.7.1) google-cloud-env (>= 1.0, < 3.a) google-cloud-errors (~> 1.0) - google-cloud-env (2.1.0) + google-cloud-env (2.2.1) faraday (>= 1.0, < 3.a) - google-cloud-errors (1.3.1) - googleauth (1.9.1) + google-cloud-errors (1.4.0) + googleauth (1.11.2) faraday (>= 1.0, < 3.a) google-cloud-env (~> 2.1) jwt (>= 1.4, < 3.0) @@ -376,6 +378,7 @@ GEM multi_test (1.1.0) multi_xml (0.6.0) multipart-post (2.4.1) + mutex_m (0.2.0) net-imap (0.4.10) date net-protocol @@ -745,6 +748,7 @@ DEPENDENCIES foreman geocoder get_into_teaching_api_client_faraday (= 3.4.0)! + google-cloud-bigquery (= 1.50.0) govuk_design_system_formbuilder (~> 4.0.0) hashids ice_cube