ultra nuclear option removing 2017/2019 from all the things

transcom · Mar 24, 2022 · 69b12ff · 69b12ff
1 parent 5a51ebe
commit 69b12ff
Show file tree

Hide file tree

Showing 10 changed files with 15 additions and 22 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,8 +11,7 @@ RUN update-ca-certificates
 FROM gcr.io/distroless/base:latest
 COPY --from=build-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
-COPY bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
-COPY bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
+COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY bin/milmove /bin/milmove
 
 COPY config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b /config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b

diff --git a/Dockerfile.e2e b/Dockerfile.e2e
@@ -7,8 +7,6 @@ COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-r
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
 
 COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
-COPY bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
-COPY bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
 COPY bin/milmove /bin/milmove
 COPY bin/generate-test-data /bin/generate-test-data
 

diff --git a/Dockerfile.local b/Dockerfile.local
@@ -10,8 +10,7 @@ COPY --chown=circleci:circleci . /home/circleci/project
 WORKDIR /home/circleci/project
 
 RUN make clean
-RUN make bin/rds-ca-2019-root.pem
-RUN make bin/rds-ca-us-gov-west-1-2017-root.pem
+RUN make bin/rds-ca-rsa4096-g1.pem
 RUN rm -f pkg/assets/assets.go && make pkg/assets/assets.go
 RUN make server_generate
 RUN rm -f bin/milmove && make bin/milmove
@@ -23,8 +22,7 @@ RUN rm -f bin/milmove && make bin/milmove
 # hadolint ignore=DL3007
 FROM gcr.io/distroless/base:latest
 
-COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
-COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
+COPY --from=builder --chown=root:root /home/circleci/project/bin/bin/rds-ca-rsa4096-g1.pem /bin/bin/rds-ca-rsa4096-g1.pem
 COPY --from=builder --chown=root:root /home/circleci/project/bin/milmove /bin/milmove
 
 COPY config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b /config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b

diff --git a/Dockerfile.migrations b/Dockerfile.migrations
@@ -7,8 +7,6 @@ COPY config/tls/dod-wcf-root-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-r
 COPY config/tls/dod-wcf-intermediate-ca-1.pem /usr/local/share/ca-certificates/dod-wcf-intermediate-ca-1.pem.crt
 
 COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
-COPY bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
-COPY bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
 COPY bin/milmove /bin/milmove
 
 COPY migrations/app/schema /migrate/schema

diff --git a/Dockerfile.migrations_local b/Dockerfile.migrations_local
@@ -10,7 +10,7 @@ COPY --chown=circleci:circleci . /home/circleci/project
 WORKDIR /home/circleci/project
 
 RUN make clean
-RUN make bin/rds-ca-2019-root.pem
+RUN make bin/rds-ca-rsa4096-g1.pem
 RUN rm -f pkg/assets/assets.go && make pkg/assets/assets.go
 RUN make server_generate
 RUN rm -f bin/milmove && make bin/milmove
@@ -24,7 +24,7 @@ FROM alpine:3.15.2
 # hadolint ignore=DL3017
 RUN apk upgrade --no-cache busybox
 
-COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
+COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY --from=builder --chown=root:root /home/circleci/project/bin/milmove /bin/milmove
 
 COPY migrations/app/schema /migrate/schema

diff --git a/Dockerfile.reviewapp b/Dockerfile.reviewapp
@@ -38,7 +38,7 @@ COPY pkg /build/pkg
 RUN mkdir /build/src
 
 RUN set -x \
-  && make bin/rds-ca-2019-root.pem \
+  && make bin/rds-ca-rsa4096-g1.pem \
   && rm -f pkg/assets/assets.go && make pkg/assets/assets.go \
   && scripts/gen-server \
   && rm -f bin/milmove && make bin/milmove \
@@ -47,7 +47,7 @@ RUN set -x \
 # define migrations before client build since it doesn't need client
 FROM alpine:3.15.2 as migrate
 
-COPY --from=server_builder /build/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
+COPY --from=server_builder /build/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY --from=server_builder /build/bin/milmove /bin/milmove
 COPY --from=server_builder /build/bin/generate-test-data /bin/generate-test-data
 
@@ -106,7 +106,7 @@ RUN set -x \
 # hadolint ignore=DL3007
 FROM gcr.io/distroless/base:latest as milmove
 
-COPY --from=server_builder /build/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
+COPY --from=server_builder /build/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY --from=server_builder /build/bin/milmove /bin/milmove
 COPY --from=server_builder /build/swagger /swagger
 

diff --git a/Dockerfile.tasks b/Dockerfile.tasks
@@ -12,8 +12,7 @@ FROM gcr.io/distroless/base:latest
 COPY --from=build-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 COPY config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b /config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b
-COPY bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
-COPY bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
+COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY bin/milmove-tasks /bin/milmove-tasks
 
 WORKDIR /bin
diff --git a/Dockerfile.tasks_local b/Dockerfile.tasks_local
@@ -10,7 +10,7 @@ COPY --chown=circleci:circleci . /home/circleci/project
 WORKDIR /home/circleci/project
 
 RUN make clean
-RUN make bin/rds-ca-2019-root.pem
+RUN make bin/rds-ca-rsa4096-g1.pem
 RUN rm -f pkg/assets/assets.go && make pkg/assets/assets.go
 RUN make server_generate
 RUN rm -f bin/milmove-tasks && make bin/milmove-tasks
@@ -23,7 +23,7 @@ RUN rm -f bin/milmove-tasks && make bin/milmove-tasks
 FROM gcr.io/distroless/base:latest
 
 COPY --from=builder --chown=root:root /home/circleci/project/config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b /config/tls/Certificates_PKCS7_v5.6_DoD.der.p7b
-COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-2019-root.pem /bin/rds-ca-2019-root.pem
+COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 COPY --from=builder --chown=root:root /home/circleci/project/bin/milmove-tasks /bin/milmove-tasks
 
 WORKDIR /bin
diff --git a/Dockerfile.webhook_client b/Dockerfile.webhook_client
@@ -21,8 +21,8 @@ FROM gcr.io/distroless/static:latest
 
 # Copy DOD certs from the builder.
 COPY --from=builder --chown=root:root /etc/ssl/certs /etc/ssl/certs
+COPY bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 
-COPY bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
 COPY bin/webhook-client /bin/webhook-client
 
 CMD ["/bin/webhook-client", "webhook-notify"]
diff --git a/Dockerfile.webhook_client_local b/Dockerfile.webhook_client_local
@@ -17,7 +17,8 @@ COPY --chown=circleci:circleci . /home/circleci/project
 WORKDIR /home/circleci/project
 
 RUN make clean
-RUN make bin/rds-ca-us-gov-west-1-2017-root.pem
+RUN make bin/rds-ca-rsa4096-g1.pem
+
 RUN make bin/webhook-client
 
 #########
@@ -35,7 +36,7 @@ COPY --from=builder --chown=root:root /home/circleci/project/config/tls/devlocal
 COPY --from=builder --chown=root:root /home/circleci/project/config/tls/devlocal-mtls.key /config/tls/devlocal-mtls.key
 
 # Public root certificate for RDS in us-gov-west-1.
-COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-us-gov-west-1-2017-root.pem /bin/rds-ca-us-gov-west-1-2017-root.pem
+COPY --from=builder --chown=root:root /home/circleci/project/bin/rds-ca-rsa4096-g1.pem /bin/rds-ca-rsa4096-g1.pem
 
 # The main webhook-client binary.
 COPY --from=builder --chown=root:root /home/circleci/project/bin/webhook-client /bin/webhook-client