@govuk-pay/cli 0.0.6 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/package.json +1 -1
  2. package/resources/legacy-ruby-cli/Gemfile.lock +1 -1
  3. package/resources/legacy-ruby-cli/config/secrets.yml +81 -9
  4. package/resources/legacy-ruby-cli/config/service_secrets.yml +25 -9
  5. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/config.yaml +3 -0
  6. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/all.yaml +760 -0
  7. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/card.yaml +508 -0
  8. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/custom.yaml +71 -0
  9. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/java.yaml +456 -0
  10. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/services/ssl/certs/publicapi-proxy.crt +18 -0
  11. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/services/ssl/keys/publicapi-proxy.key +28 -0
  12. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/files/toolbox.yaml +473 -0
  13. package/resources/legacy-ruby-cli/lib/pay_cli/commands/local.rb +3 -2
  14. package/resources/legacy-ruby-cli/rds_access/connect.sh +30 -4
  15. package/resources/legacy-ruby-cli/vulnerability_scan/generate_vulnerability_report.js +52 -55
  16. package/resources/legacy-ruby-cli/vulnerability_scan/package.json +15 -0
  17. package/resources/legacy-ruby-cli/vulnerability_scan/scan.sh +56 -25
  18. package/resources/legacy-ruby-cli/vulnerability_scan/reports/.gitkeep +0 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@govuk-pay/cli",
3
- "version": "0.0.6",
3
+ "version": "0.0.8",
4
4
  "description": "GOV.UK Pay Command Line Interface",
5
5
  "bin": {
6
6
  "pay": "bin/cli.js",
package/resources/legacy-ruby-cli/Gemfile.lock CHANGED
@@ -1347,7 +1347,7 @@ GEM
1347
1347
  pairing_heap (>= 0.3.0)
1348
1348
  rexml (~> 3.2, >= 3.2.4)
1349
1349
  stream (~> 0.5.3)
1350
- rotp (6.2.2)
1350
+ rotp (6.3.0)
1351
1351
  rspec (3.12.0)
1352
1352
  rspec-core (~> 3.12.0)
1353
1353
  rspec-expectations (~> 3.12.0)
package/resources/legacy-ruby-cli/config/secrets.yml CHANGED
@@ -50,6 +50,7 @@ pay-low-pass:
50
50
  end-to-end/docker-username: dockerhub/concourse-username
51
51
  end-to-end/docker-access-token: dockerhub/concourse-access-token
52
52
  github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
53
+ grafana-annotations-password: concourse/grafana_annotations
53
54
  slack-notification-secret: slack/notification-secret
54
55
  cd-pay-dev:
55
56
  docker-email: dockerhub/concourse-email
@@ -57,6 +58,7 @@ pay-low-pass:
57
58
  docker-password: dockerhub/concourse-password
58
59
  docker-access-token: dockerhub/concourse-access-token
59
60
  github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
61
+ grafana-annotations-password: concourse/grafana_annotations
60
62
  pay-js-commons/github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
61
63
  pr-ci/github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
62
64
  slack-notification-secret: slack/notification-secret
@@ -88,12 +90,14 @@ pay-low-pass:
88
90
  test-12:
89
91
  adminusers:
90
92
  DB_PASSWORD: aws/rds/application_users/test/adminusers1
93
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/adminusers_support_readonly # pragma: allowlist secret
91
94
  NOTIFY_API_KEY: notify/api_key/ci/test.adminusers.notify_api_key
92
95
  SENTRY_DSN: sentry_io/adminusers_dsn
93
96
  cardid:
94
97
  SENTRY_DSN: sentry_io/cardid_dsn
95
98
  connector:
96
99
  DB_PASSWORD: aws/rds/application_users/test/connector2
100
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/connector_support_readonly # pragma: allowlist secret
97
101
  NOTIFY_API_KEY: notify/api_key/ci/test.connector.notify_api_key
98
102
  GDS_CONNECTOR_STRIPE_AUTH_TOKEN: stripe/test/test/account-api-key
99
103
  GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN: stripe/test/test/account-api-key
@@ -123,24 +127,32 @@ pay-low-pass:
123
127
  SENTRY_CSP_REPORT_URI: sentry/frontend_csp_report_uri
124
128
  ledger:
125
129
  DB_PASSWORD: aws/rds/application_users/test/ledger
130
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/ledger_support_readonly # pragma: allowlist secret
126
131
  SENTRY_DSN: sentry_io/ledger_dsn
127
132
  webhooks:
128
133
  DB_PASSWORD: aws/rds/application_users/test/webhooks # pragma: allowlist secret
134
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/webhooks_support_readonly # pragma: allowlist secret
129
135
  SENTRY_DSN: sentry_io/webhooks_dsn
130
136
  product-page:
131
137
  pager_duty_cloudwatch_integration_url: pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
132
138
  publicapi:
133
- TOKEN_API_HMAC_SECRET: ""
139
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
140
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
141
+ # TOKEN_API_HMAC_SECRET: ""
134
142
  SENTRY_DSN: sentry_io/publicapi_dsn
135
143
  publicauth:
136
144
  DB_USER: ""
137
145
  DB_PASSWORD: ""
138
- TOKEN_DB_BCRYPT_SALT: ""
139
- TOKEN_API_HMAC_SECRET: ""
146
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/publicauth_support_readonly # pragma: allowlist secret
147
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
148
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
149
+ # TOKEN_DB_BCRYPT_SALT: ""
150
+ # TOKEN_API_HMAC_SECRET: ""
140
151
  SENTRY_DSN: sentry_io/publicauth_dsn
141
152
  products:
142
153
  DB_USER: ""
143
154
  DB_PASSWORD: ""
155
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test/products_support_readonly # pragma: allowlist secret
144
156
  SENTRY_DSN: sentry_io/products_dsn
145
157
  products-ui:
146
158
  SESSION_ENCRYPTION_KEY: ""
@@ -176,13 +188,15 @@ pay-low-pass:
176
188
  test-perf-1:
177
189
  adminusers:
178
190
  DB_PASSWORD: aws/rds/application_users/test/adminusers
179
- NOTIFY_API_KEY: notify/api_key/ci/test.adminusers.notify_api_key
191
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/adminusers_support_readonly # pragma: allowlist secret
192
+ NOTIFY_API_KEY: notify/api_key/ci/test_perf.adminusers.notify_api_key # pragma: allowlist secret
180
193
  SENTRY_DSN: sentry_io/adminusers_dsn
181
194
  cardid:
182
195
  SENTRY_DSN: sentry_io/cardid_dsn
183
196
  connector:
184
197
  DB_PASSWORD: aws/rds/superuser/test-12/connector/payment-password
185
- NOTIFY_API_KEY: notify/api_key/ci/test.connector.notify_api_key
198
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/connector_support_readonly # pragma: allowlist secret
199
+ NOTIFY_API_KEY: notify/api_key/ci/test_perf.connector.notify_api_key # pragma: allowlist secret
186
200
  GDS_CONNECTOR_STRIPE_AUTH_TOKEN: stripe/test/test/account-api-key
187
201
  GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN: stripe/test/test/account-api-key
188
202
  GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET: stripe/test/test/webhook-secret
@@ -209,19 +223,26 @@ pay-low-pass:
209
223
  SENTRY_CSP_REPORT_URI: sentry/frontend_csp_report_uri
210
224
  ledger:
211
225
  DB_PASSWORD: aws/rds/application_users/test/ledger
226
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/ledger_support_readonly # pragma: allowlist secret
212
227
  SENTRY_DSN: sentry_io/ledger_dsn
213
228
  publicapi:
214
- TOKEN_API_HMAC_SECRET: ""
229
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
230
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
231
+ # TOKEN_API_HMAC_SECRET: ""
215
232
  SENTRY_DSN: sentry_io/publicapi_dsn
216
233
  publicauth:
217
234
  DB_USER: ""
218
235
  DB_PASSWORD: ""
219
- TOKEN_DB_BCRYPT_SALT: ""
220
- TOKEN_API_HMAC_SECRET: ""
236
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/publicauth_support_readonly # pragma: allowlist secret
237
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
238
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
239
+ # TOKEN_DB_BCRYPT_SALT: ""
240
+ # TOKEN_API_HMAC_SECRET: ""
221
241
  SENTRY_DSN: sentry_io/publicauth_dsn
222
242
  products:
223
243
  DB_USER: ""
224
244
  DB_PASSWORD: ""
245
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/products_support_readonly # pragma: allowlist secret
225
246
  SENTRY_DSN: sentry_io/products_dsn
226
247
  products-ui:
227
248
  SESSION_ENCRYPTION_KEY: ""
@@ -255,6 +276,7 @@ pay-low-pass:
255
276
  ZENDESK_USER: zendesk/user
256
277
  webhooks:
257
278
  DB_PASSWORD: aws/rds/application_users/test/webhooks # pragma: allowlist secret
279
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/test-perf/webhooks_support_readonly # pragma: allowlist secret
258
280
  SENTRY_DSN: sentry_io/webhooks_dsn
259
281
  test:
260
282
  alb_and_s3_logging_pipeline:
@@ -270,18 +292,24 @@ pay-low-pass:
270
292
  docker-username: dockerhub/concourse-username
271
293
  docker-access-token: dockerhub/concourse-access-token
272
294
  github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
295
+ worldpay_secure_file_gateway:
296
+ private-key: worldpay/secure_file_gateway/worldpay_secure_file_gateway.rsa
297
+ public-key: worldpay/secure_file_gateway/worldpay_secure_file_gateway.rsa.pub
298
+ passphrase: worldpay/secure_file_gateway/passphrase
273
299
  ci:
274
300
  alb_and_s3_logging_pipeline:
275
301
  firehose_hec_token: splunk/firehose-hec-token
276
302
  staging-2:
277
303
  adminusers:
278
304
  DB_PASSWORD: aws/rds/application_users/staging/adminusers1
305
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/adminusers_support_readonly # pragma: allowlist secret
279
306
  NOTIFY_API_KEY: notify/api_key/deploy/staging.adminusers.notify_api_key
280
307
  SENTRY_DSN: sentry_io/adminusers_dsn
281
308
  cardid:
282
309
  SENTRY_DSN: sentry_io/cardid_dsn
283
310
  connector:
284
311
  DB_PASSWORD: aws/rds/application_users/staging/connector1
312
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/connector_support_readonly # pragma: allowlist secret
285
313
  NOTIFY_API_KEY: notify/api_key/deploy/staging.connector.notify_api_key
286
314
  GDS_CONNECTOR_STRIPE_AUTH_TOKEN: stripe/staging/test/account-api-key
287
315
  GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN: stripe/staging/test/account-api-key
@@ -309,8 +337,10 @@ pay-low-pass:
309
337
  SENTRY_CSP_REPORT_URI: sentry/frontend_csp_report_uri
310
338
  ledger:
311
339
  DB_PASSWORD: aws/rds/application_users/staging/ledger
340
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/ledger_support_readonly # pragma: allowlist secret
312
341
  SENTRY_DSN: sentry_io/ledger_dsn
313
342
  products:
343
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/products_support_readonly # pragma: allowlist secret
314
344
  SENTRY_DSN: sentry_io/products_dsn
315
345
  products-ui:
316
346
  SENTRY_DSN: sentry_io/products_ui_dsn
@@ -318,9 +348,16 @@ pay-low-pass:
318
348
  GOOGLE_RECAPTCHA_SITE_KEY: google/test/captcha-site-key
319
349
  publicapi:
320
350
  SENTRY_DSN: sentry_io/publicapi_dsn
321
- TOKEN_API_HMAC_SECRET: ""
351
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
352
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
353
+ # TOKEN_API_HMAC_SECRET: ""
322
354
  publicauth:
355
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/publicauth_support_readonly # pragma: allowlist secret
323
356
  SENTRY_DSN: sentry_io/publicauth_dsn
357
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
358
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
359
+ # TOKEN_DB_BCRYPT_SALT: ""
360
+ # TOKEN_API_HMAC_SECRET: ""
324
361
  product-page:
325
362
  pager_duty_cloudwatch_integration_url: pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
326
363
  terraform:
@@ -351,6 +388,7 @@ pay-low-pass:
351
388
  ZENDESK_USER: zendesk/user
352
389
  webhooks:
353
390
  DB_PASSWORD: aws/rds/application_users/staging/webhooks # pragma: allowlist secret
391
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/staging/webhooks_support_readonly # pragma: allowlist secret
354
392
  SENTRY_DSN: sentry_io/webhooks_dsn
355
393
  webhooks_intrusion_monitoring:
356
394
  pager_duty_cloudwatch_integration_url: pager-duty/govuk-pay-staging-webhooks/amazon-cloudwatch-integration-url
@@ -360,12 +398,14 @@ pay-low-pass:
360
398
  production-2:
361
399
  adminusers:
362
400
  DB_PASSWORD: aws/rds/application_users/production/adminusers1
401
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/adminusers_support_readonly # pragma: allowlist secret
363
402
  NOTIFY_API_KEY: notify/api_key/deploy/production.adminusers.notify_api_key
364
403
  SENTRY_DSN: sentry_io/adminusers_dsn
365
404
  cardid:
366
405
  SENTRY_DSN: sentry_io/cardid_dsn
367
406
  connector:
368
407
  DB_PASSWORD: aws/rds/application_users/production/connector2
408
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/connector_support_readonly # pragma: allowlist secret
369
409
  NOTIFY_API_KEY: notify/api_key/deploy/production.connector.notify_api_key
370
410
  GDS_CONNECTOR_STRIPE_AUTH_TOKEN: stripe/production/test/account-api-key
371
411
  GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN: stripe/production/live/account-api-key
@@ -393,12 +433,14 @@ pay-low-pass:
393
433
  SENTRY_CSP_REPORT_URI: sentry/frontend_csp_report_uri
394
434
  ledger:
395
435
  DB_PASSWORD: aws/rds/application_users/production/ledger
436
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/ledger_support_readonly # pragma: allowlist secret
396
437
  SENTRY_DSN: sentry_io/ledger_dsn
397
438
  network:
398
439
  PAGER_DUTY_CLOUDWATCH_ALB_INTEGRATION_URL: pager-duty/govuk-pay-cloudwatch-alb/amazon-cloudwatch-integration-url
399
440
  product-page:
400
441
  pager_duty_cloudwatch_integration_url: pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
401
442
  products:
443
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/products_support_readonly # pragma: allowlist secret
402
444
  SENTRY_DSN: sentry_io/products_dsn
403
445
  products-ui:
404
446
  SENTRY_DSN: sentry_io/products_ui_dsn
@@ -408,7 +450,12 @@ pay-low-pass:
408
450
  publicapi:
409
451
  SENTRY_DSN: sentry_io/publicapi_dsn
410
452
  publicauth:
453
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/publicauth_support_readonly # pragma: allowlist secret
411
454
  SENTRY_DSN: sentry_io/publicauth_dsn
455
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
456
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
457
+ # TOKEN_DB_BCRYPT_SALT: ""
458
+ # TOKEN_API_HMAC_SECRET: ""
412
459
  terraform:
413
460
  ADMINUSERS_RDS_PASSWORD: aws/rds/superuser/production-2/adminusers/payment-password
414
461
  CONNECTOR_RDS_PASSWORD: aws/rds/superuser/production-2/connector/payment-password
@@ -437,6 +484,7 @@ pay-low-pass:
437
484
  ZENDESK_USER: zendesk/user
438
485
  webhooks:
439
486
  DB_PASSWORD: aws/rds/application_users/production/webhooks # pragma: allowlist secret
487
+ DB_SUPPORT_PASSWORD_READONLY: aws/rds/support_readonly_users/production/webhooks_support_readonly # pragma: allowlist secret
440
488
  SENTRY_DSN: sentry_io/webhooks_dsn
441
489
  webhooks_intrusion_monitoring:
442
490
  pager_duty_cloudwatch_integration_url: pager-duty/govuk-pay/amazon-cloudwatch-integration-url
@@ -480,9 +528,11 @@ value:
480
528
  test-12:
481
529
  adminusers:
482
530
  DB_USER: "adminusers1"
531
+ DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
483
532
  NOTIFY_SECRET: ""
484
533
  connector:
485
534
  DB_USER: "connector2"
535
+ DB_SUPPORT_USER_READONLY: "connector_support_readonly"
486
536
  NOTIFY_SECRET: ""
487
537
  frontend:
488
538
  AB_TEST_THRESHOLD: "50"
@@ -490,12 +540,16 @@ value:
490
540
  GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
491
541
  ledger:
492
542
  DB_USER: "ledger"
543
+ DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
493
544
  webhooks:
494
545
  DB_USER: "webhooks"
546
+ DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
495
547
  publicauth:
496
548
  DB_USER: "publicauth1"
549
+ DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
497
550
  products:
498
551
  DB_USER: "products"
552
+ DB_SUPPORT_USER_READONLY: "products_support_readonly"
499
553
  toolbox:
500
554
  AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304536"
501
555
  AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304536"
@@ -505,9 +559,11 @@ value:
505
559
  test-perf-1:
506
560
  adminusers:
507
561
  DB_USER: "adminusers"
562
+ DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
508
563
  NOTIFY_SECRET: ""
509
564
  connector:
510
565
  DB_USER: "connector"
566
+ DB_SUPPORT_USER_READONLY: "connector_support_readonly"
511
567
  NOTIFY_SECRET: ""
512
568
  frontend:
513
569
  AB_TEST_THRESHOLD: "50"
@@ -515,10 +571,13 @@ value:
515
571
  GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
516
572
  ledger:
517
573
  DB_USER: "ledger"
574
+ DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
518
575
  publicauth:
519
576
  DB_USER: "publicauth"
577
+ DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
520
578
  products:
521
579
  DB_USER: "products"
580
+ DB_SUPPORT_USER_READONLY: "products_support_readonly"
522
581
  terraform:
523
582
  PERF_ENV: "true"
524
583
  toolbox:
@@ -529,12 +588,15 @@ value:
529
588
  AUTH_GITHUB_ADMIN_TEAM_ID: "3304536"
530
589
  webhooks:
531
590
  DB_USER: "webhooks"
591
+ DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
532
592
  staging-2:
533
593
  adminusers:
534
594
  DB_USER: "adminusers1"
595
+ DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
535
596
  NOTIFY_SECRET: ""
536
597
  connector:
537
598
  DB_USER: "connector1"
599
+ DB_SUPPORT_USER_READONLY: "connector_support_readonly"
538
600
  NOTIFY_SECRET: ""
539
601
  frontend:
540
602
  AB_TEST_THRESHOLD: "50"
@@ -542,10 +604,13 @@ value:
542
604
  GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
543
605
  ledger:
544
606
  DB_USER: "ledger"
607
+ DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
545
608
  publicauth:
546
609
  DB_USER: "publicauth1"
610
+ DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
547
611
  products:
548
612
  DB_USER: "products"
613
+ DB_SUPPORT_USER_READONLY: "products_support_readonly"
549
614
  toolbox:
550
615
  AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304500"
551
616
  AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304500"
@@ -554,21 +619,27 @@ value:
554
619
  PERF_ENV: "false"
555
620
  webhooks:
556
621
  DB_USER: "webhooks"
622
+ DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
557
623
  production-2:
558
624
  adminusers:
559
625
  DB_USER: "adminusers1"
626
+ DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
560
627
  NOTIFY_SECRET: ""
561
628
  connector:
562
629
  DB_USER: "connector2"
630
+ DB_SUPPORT_USER_READONLY: "connector_support_readonly"
563
631
  NOTIFY_SECRET: ""
564
632
  frontend:
565
633
  AB_TEST_THRESHOLD: "50"
566
634
  ledger:
567
635
  DB_USER: "ledger"
636
+ DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
568
637
  publicauth:
569
638
  DB_USER: "publicauth1"
639
+ DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
570
640
  products:
571
641
  DB_USER: "products"
642
+ DB_SUPPORT_USER_READONLY: "products_support_readonly"
572
643
  performance-slack:
573
644
  SLACK_URI: "https://hooks.slack.com/services/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"
574
645
  toolbox:
@@ -579,3 +650,4 @@ value:
579
650
  PERF_ENV: "false"
580
651
  webhooks:
581
652
  DB_USER: "webhooks"
653
+ DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
package/resources/legacy-ruby-cli/config/service_secrets.yml CHANGED
@@ -2,6 +2,8 @@
2
2
  adminusers:
3
3
  - DB_USER
4
4
  - DB_PASSWORD
5
+ - DB_SUPPORT_USER_READONLY
6
+ - DB_SUPPORT_PASSWORD_READONLY
5
7
  - NOTIFY_API_KEY
6
8
  - NOTIFY_SECRET
7
9
  - SENTRY_DSN
@@ -15,6 +17,8 @@ cardid:
15
17
  connector:
16
18
  - DB_USER
17
19
  - DB_PASSWORD
20
+ - DB_SUPPORT_USER_READONLY
21
+ - DB_SUPPORT_PASSWORD_READONLY
18
22
  - NOTIFY_SECRET
19
23
  - NOTIFY_API_KEY
20
24
  - GDS_CONNECTOR_STRIPE_AUTH_TOKEN
@@ -61,19 +65,27 @@ frontend:
61
65
  network:
62
66
  - PAGER_DUTY_CLOUDWATCH_ALB_INTEGRATION_URL
63
67
  publicapi:
64
- - TOKEN_API_HMAC_SECRET
68
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
69
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
70
+ # - TOKEN_API_HMAC_SECRET
65
71
  - SENTRY_DSN
66
72
  publicauth:
67
73
  - DB_USER
68
74
  - DB_PASSWORD
69
- - TOKEN_DB_BCRYPT_SALT
70
- - TOKEN_API_HMAC_SECRET
75
+ - DB_SUPPORT_USER_READONLY
76
+ - DB_SUPPORT_PASSWORD_READONLY
77
+ # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
78
+ # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
79
+ # - TOKEN_DB_BCRYPT_SALT
80
+ # - TOKEN_API_HMAC_SECRET
71
81
  - SENTRY_DSN
72
82
  product-page:
73
83
  - pager_duty_cloudwatch_integration_url
74
84
  products:
75
85
  - DB_USER
76
86
  - DB_PASSWORD
87
+ - DB_SUPPORT_USER_READONLY
88
+ - DB_SUPPORT_PASSWORD_READONLY
77
89
  - SENTRY_DSN
78
90
  products-ui:
79
91
  - SESSION_ENCRYPTION_KEY
@@ -92,10 +104,14 @@ performance-slack:
92
104
  ledger:
93
105
  - DB_PASSWORD
94
106
  - DB_USER
107
+ - DB_SUPPORT_USER_READONLY
108
+ - DB_SUPPORT_PASSWORD_READONLY
95
109
  - SENTRY_DSN
96
110
  webhooks:
97
111
  - DB_PASSWORD
98
112
  - DB_USER
113
+ - DB_SUPPORT_USER_READONLY
114
+ - DB_SUPPORT_PASSWORD_READONLY
99
115
  - SENTRY_DSN
100
116
  toolbox:
101
117
  - AUTH_GITHUB_CLIENT_ID
@@ -109,8 +125,6 @@ toolbox:
109
125
  - ZENDESK_API_KEY
110
126
  - ZENDESK_USER
111
127
  cd-pay-deploy:
112
- - cf-password
113
- - cf-username
114
128
  - docker-password
115
129
  - docker-username
116
130
  - docker-email
@@ -120,10 +134,9 @@ cd-pay-deploy:
120
134
  - end-to-end/docker-email
121
135
  - end-to-end/docker-access-token
122
136
  - github-access-token
137
+ - grafana-annotations-password
123
138
  - pact-broker-username
124
139
  - pact-broker-password
125
- - pact-broker/cf-password
126
- - pact-broker/cf-username
127
140
  - pact-broker/pact-broker-password
128
141
  - pact-broker/pact-broker-username
129
142
  - pay_aws_deploy_account_id
@@ -132,13 +145,12 @@ cd-pay-deploy:
132
145
  - pay_aws_test_account_id
133
146
  - slack-notification-secret
134
147
  cd-pay-dev:
135
- - cf-password
136
- - cf-username
137
148
  - docker-email
138
149
  - docker-username
139
150
  - docker-password
140
151
  - docker-access-token
141
152
  - github-access-token
153
+ - grafana-annotations-password
142
154
  - pact-broker-username
143
155
  - pact-broker-password
144
156
  - pay_aws_deploy_account_id
@@ -172,3 +184,7 @@ codebuild:
172
184
  - docker-username
173
185
  - docker-access-token
174
186
  - github-access-token
187
+ worldpay_secure_file_gateway:
188
+ - private-key
189
+ - public-key
190
+ - passphrase
package/resources/legacy-ruby-cli/lib/pay_cli/commands/local/config.yaml CHANGED
@@ -64,8 +64,11 @@ publicauth:
64
64
  publicapi:
65
65
  name: publicapi
66
66
  type: java
67
+ proxy: true
68
+ naxsi: true
67
69
  port: 9100
68
70
  admin_port: 9101
71
+ proxy_port: 39100
69
72
  healthcheck: true
70
73
  uses_redis: true
71
74
  environment_overrides: