feat: data migration reads Key Vault secrets to set verifier active flag

cal-itp · Aug 16, 2023 · 28b00cf · 28b00cf
1 parent cdba0b8
commit 28b00cf
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/benefits/core/migrations/0002_data.py b/benefits/core/migrations/0002_data.py
@@ -167,6 +167,7 @@ def load_data(app, *args, **kwargs):
 
     mst_senior_verifier = EligibilityVerifier.objects.create(
         name=os.environ.get("MST_OAUTH_VERIFIER_NAME", "OAuth claims via Login.gov (MST)"),
+        active=os.environ.get("MST_OAUTH_VERIFIER_ACTIVE", "False").lower() == "true",
         eligibility_type=mst_senior_type,
         auth_provider=senior_auth_provider,
         selection_label_template="eligibility/includes/selection-label--senior.html",
@@ -175,6 +176,7 @@ def load_data(app, *args, **kwargs):
 
     mst_veteran_verifier = EligibilityVerifier.objects.create(
         name=os.environ.get("MST_VETERAN_VERIFIER_NAME", "VA.gov - Veteran (MST)"),
+        active=os.environ.get("MST_VETERAN_VERIFIER_ACTIVE", "False").lower() == "true",
         eligibility_type=mst_veteran_type,
         auth_provider=veteran_auth_provider,
         selection_label_template="eligibility/includes/selection-label--veteran.html",
@@ -183,6 +185,7 @@ def load_data(app, *args, **kwargs):
 
     mst_courtesy_card_verifier = EligibilityVerifier.objects.create(
         name=os.environ.get("COURTESY_CARD_VERIFIER", "Eligibility Server Verifier"),
+        active=os.environ.get("COURTESY_CARD_VERIFIER_ACTIVE", "False").lower() == "true",
         api_url=os.environ.get("COURTESY_CARD_VERIFIER_API_URL", "http://server:8000/verify"),
         api_auth_header=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"),
         api_auth_key=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_KEY", "server-auth-token"),
@@ -199,6 +202,7 @@ def load_data(app, *args, **kwargs):
 
     sacrt_senior_verifier = EligibilityVerifier.objects.create(
         name=os.environ.get("SACRT_OAUTH_VERIFIER_NAME", "OAuth claims via Login.gov (SacRT)"),
+        active=os.environ.get("SACRT_OAUTH_VERIFIER_ACTIVE", "False").lower() == "true",
         eligibility_type=sacrt_senior_type,
         auth_provider=senior_auth_provider,
         selection_label_template="eligibility/includes/selection-label--senior.html",
@@ -207,6 +211,7 @@ def load_data(app, *args, **kwargs):
 
     sbmtd_senior_verifier = EligibilityVerifier.objects.create(
         name=os.environ.get("SBMTD_OAUTH_VERIFIER_NAME", "OAuth claims via Login.gov (SBMTD)"),
+        active=os.environ.get("SBMTD_OAUTH_VERIFIER_ACTIVE", "False").lower() == "true",
         eligibility_type=sbmtd_senior_type,
         auth_provider=senior_auth_provider,
         selection_label_template="eligibility/includes/selection-label--senior.html",

diff --git a/terraform/app_service.tf b/terraform/app_service.tf
@@ -106,16 +106,21 @@ resource "azurerm_linux_web_app" "main" {
     "VETERAN_AUTH_PROVIDER_CLAIM"                          = "${local.secret_prefix}veteran-auth-provider-claim)"
     "VETERAN_AUTH_PROVIDER_SCHEME"                         = "${local.secret_prefix}veteran-auth-provider-scheme)"
     "MST_OAUTH_VERIFIER_NAME"                              = "${local.secret_prefix}mst-oauth-verifier-name)"
+    "MST_OAUTH_VERIFIER_ACTIVE"                            = "${local.secret_prefix}mst-oauth-verifier-active)"
     "MST_VETERAN_VERIFIER_NAME"                            = "${local.secret_prefix}mst-veteran-verifier-name)"
+    "MST_VETERAN_VERIFIER_ACTIVE"                          = "${local.secret_prefix}mst-veteran-verifier-active)"
     "COURTESY_CARD_VERIFIER"                               = "${local.secret_prefix}courtesy-card-verifier)"
+    "COURTESY_CARD_VERIFIER_ACTIVE"                        = "${local.secret_prefix}courtesy-card-verifier-active)"
     "COURTESY_CARD_VERIFIER_API_URL"                       = "${local.secret_prefix}courtesy-card-verifier-api-url)"
     "COURTESY_CARD_VERIFIER_API_AUTH_HEADER"               = "${local.secret_prefix}courtesy-card-verifier-api-auth-header)"
     "COURTESY_CARD_VERIFIER_API_AUTH_KEY"                  = "${local.secret_prefix}courtesy-card-verifier-api-auth-key)"
     "COURTESY_CARD_VERIFIER_JWE_CEK_ENC"                   = "${local.secret_prefix}courtesy-card-verifier-jwe-cek-enc)"
     "COURTESY_CARD_VERIFIER_JWE_ENCRYPTION_ALG"            = "${local.secret_prefix}courtesy-card-verifier-jwe-encryption-alg)"
     "COURTESY_CARD_VERIFIER_JWS_SIGNING_ALG"               = "${local.secret_prefix}courtesy-card-verifier-jws-signing-alg)"
     "SACRT_OAUTH_VERIFIER_NAME"                            = "${local.secret_prefix}sacrt-oauth-verifier-name)"
-    "SBMTD_SENIOR_VERIFIER_NAME"                           = "${local.secret_prefix}sbmtd-senior-verifier-name"
+    "SACRT_OAUTH_VERIFIER_ACTIVE"                          = "${local.secret_prefix}sacrt-oauth-verifier-active)"
+    "SBMTD_SENIOR_VERIFIER_NAME"                           = "${local.secret_prefix}sbmtd-senior-verifier-name)"
+    "SBMTD_SENIOR_VERIFIER_ACTIVE"                         = "${local.secret_prefix}sbmtd-senior-verifier-active)"
     "MST_PAYMENT_PROCESSOR_NAME"                           = "${local.secret_prefix}mst-payment-processor-name)"
     "MST_PAYMENT_PROCESSOR_API_BASE_URL"                   = "${local.secret_prefix}mst-payment-processor-api-base-url)"
     "MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT"      = "${local.secret_prefix}mst-payment-processor-api-access-token-endpoint)"