From f95b7eabf14186f920f8517e0d20cc98df6318e9 Mon Sep 17 00:00:00 2001
From: Simon Kelly
Date: Wed, 20 Sep 2023 12:20:03 +0200
Subject: [PATCH] use django-allow-cidr to allow request from ELB health checks
---
 config/settings/staging.py | 5 +-
 deploy/roles/connect/templates/docker.env.j2 | 1 +
 deploy/vault.yml | 130 ++++++++++---------
 requirements/base.txt | 2 +-
 requirements/dev.txt | 15 +--
 requirements/production.in | 1 +
 requirements/production.txt | 7 +-
 7 files changed, 81 insertions(+), 80 deletions(-)
diff --git a/config/settings/staging.py b/config/settings/staging.py
index 54ccc7cb..1e6ffcb2 100644
--- a/config/settings/staging.py
+++ b/config/settings/staging.py
@@ -7,7 +7,10 @@
 # GENERAL
 # ------------------------------------------------------------------------------
 SECRET_KEY = env("DJANGO_SECRET_KEY", default="")
-ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["commcare-connect.org"])
+ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=[])
+
+ALLOWED_CIDR_NETS = env.list("DJANGO_ALLOWED_CIDR_NETS", default=[])
+MIDDLEWARE.insert(0, "allow_cidr.middleware.AllowCIDRMiddleware") # noqa: F405
 # DATABASES
 # ------------------------------------------------------------------------------
diff --git a/deploy/roles/connect/templates/docker.env.j2 b/deploy/roles/connect/templates/docker.env.j2
index 19db2bcc..f6a446d0 100644
--- a/deploy/roles/connect/templates/docker.env.j2
+++ b/deploy/roles/connect/templates/docker.env.j2
@@ -11,6 +11,7 @@ CSRF_TRUSTED_ORIGINS={{ secrets.csrf_trusted_origins }}
 cid_client_secret={{ secrets.cid_client_secret }}
 cid_client_id={{ secrets.cid_client_id }}
 DJANGO_ALLOWED_HOSTS={{ secrets.django_allowed_hosts|join(",") }}
+DJANGO_ALLOWED_CIDR_NETS={{ secrets.django_allowed_cidr_nets|join(",") }}
 DJANGO_AWS_STORAGE_BUCKET_NAME={{ secrets.django_aws_storage_bucket_name }}
 DJANGO_DEFAULT_FROM_EMAIL={{ secrets.django_default_from_email }}
 DJANGO_SECRET_KEY={{ secrets.django_secret_key }}
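Review bot: `ALLOWED_CIDR_NETS` in the staging.py hunk has no comment saying what it is matched against, and the name reads like a client-IP allowlist. As far as I know django-allow-cidr compares the request's Host header with these ranges, which is what lets a health check addressed to the instance IP through; it does not restrict who may connect, and a request whose Host is an in-range IP literal passes host validation wherever it comes from. I would add above the setting `# Matched against the Host header, not the client address; keep to the load balancer subnets only.` Both new defaults are `[]`, so if the environment variables are missing the middleware presumably disables itself and `ALLOWED_HOSTS=[]` rejects every host; that fail-closed behaviour is worth confirming on staging.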
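Review bot: The allowed CIDR ranges are read from `secrets.django_allowed_cidr_nets` in the docker.env.j2 hunk, so the values this commit introduces exist only inside the re-encrypted `deploy/vault.yml` and cannot be checked in review. Network ranges and host names are not secret, and keeping them in a plain variables file would make an over-broad range visible in a diff. If the key is missing for an environment, the `join` filter will probably fail the template render; `{{ secrets.django_allowed_cidr_nets|default([])|join(",") }}` renders an empty value instead, which `env.list` should parse as an empty list.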
diff --git a/deploy/vault.yml b/deploy/vault.yml
index 7020b65b..1869e9ce 100644
--- a/deploy/vault.yml
+++ b/deploy/vault.yml
@@ -1,65 +1,67 @@ $ANSIBLE_VAULT;1.1;AES256 -38376131396136623061366664383333316235376537356130663033633164363437373765303339 -3031333837653834363566393436653261633137663864610a663766323761366531326538336239 -62623361316464353761363063393665366166393962346333346239383462616337623736623662 -3065643265643136350a646266633964313738623966363338333332333636646235356136386534 -37383433653138363132376361653261366430356138643431363432316633666639343336323339 -37636330343565323934366534613366363265313137643733393430353335663338333632386434 -31323362623632393333343363643765313662333566656239663461393337383930633538636431 -66393561316639623661393362613432356233636631313736663862616166366239653538366566 -39633934643239656431323437653862363062303464636364376538373337393034393630633632 -37636439633034616564616332663631336563336430633935613666636265373438383665656330 -66373736643539376538333265376462396633323130343838306631393266396634353736326661 -32653738636536346231313966363133343763386466396365363730653763383238653039316239 -35633532653861643336306362636134326566616661653232346436626531353963613838376466 -31626462616235386531643438303961623138333737643361383564623365633131366661626262 -64343231396130386131383035316264356332653137633830303031633630396561343730646365 -39366436643835393638333261396663313439373437643538346664643162383262316333373836 -32636139396537653930626131613734656464653735656632353339376261363830383234623635 -36316632383136623263386137643162353965343561616136313262663839626661306236303461 -32356666316439346530646265343839643735356433396463343438363161643339643630623066 -61656531326538353337613230383334313036633436303935366439626333323937376162653238 -66353635633161626630613334363839306464383066336462636665373731323966663435656330 -62303566343462343434636433393730646465366461633934323639323435326664663563396430 -30653334633562376330636335336630326462396236356337353232323930346339343630333635 
-65303936643432323938343536653133383039393237303030346635366162666462336362363863 -34653165613863663338343834326263653031333033636139313864353333363431636663336664 -61613763333062613737373034396131663363636366336231616637336662316461613535383730 -64366535323030656335303064656536326438656533386663326332356330623561356564616163 -31363734386638343962393736343739336164386665366331353935633665623962636430333237 -62333537616366666564356537353339363536383361623266336538393064313439356562313638 -39653538633535323234656664303333353135366434346565373565663065383866326138323732 -39323230346337623664373639623966373465393463663439323136366130626530396437333430 -30366634653766616431326562663033306636336266353062656437393763363765386163663130 -32636434386562373064353663653036353030643037313036333930386261633037656335633034 -62303466326665646264646561393163343138653833616532333263613865333366653537326435 -61646565616363383961613235316661623336306561343964663037303834343063373563643765 -37346632613533353731613239613364656534616639373465336561626265393536393235316635 -36393938306339316138326134396537373061326563306339363762376335626666366564356331 -33636437313661663937313765633563353466666538353931383836366335623164613233616236 -38313232323861356662336636626437373839376561623034343936623263653137376434306563 -34626639636562663866313539666431323063383365326138306363306537636162333161346465 -31363864326265386364336635316566313934386461313939343363343837393239303361333962 -37653439386534643266653731343764663036383035326362356130616462313964316237373334 -36643634343032363965323366623638653831346333356438616661313866313237666536343531 -39303332386532343963663734303433376566376564373934343235386334613964613166656239 -37343832633064323734356363313737663637376233333334613964343735633962316465656261 -65626666353866363038656664376531386462623238383061633566656264333830623435653335 -65383136636363333161323238343261363765313336333965323032626436633432383164346564 
-30396438366364626235353763313565346564376364646133353639373662343539326638666136 -37316132373034623363326237353537633839633233636135633331653361616462313461383066 -61326537313435353334626439383531323066303938616230353761306332623763333364363563 -35383030303162653766646165623034393036333061333633303961366433303431616239623037 -65613432623036396434316331336531633239343334383838653339326632656437623430643665 -64363734386161623738643938613762346164376230656230653134636561636532376532393635 -30306337386433373134366362373665363964346130396132343136326337636564376637346630 -31306134663836613163383835616435393764393638323461313763323065623762393033363464 -33366639656535643633386461343661333930336536306531316163386566383532386535613163 -62396136366161393832663365646437663632313230373165343463383136663766366435363436 -63373434363163613464653733393430626234653565656430336530323765333163346532343264 -36393865636435623661643561613238303638653731623033393430343139356237306539306137 -65376365326366666138313337363264623030373062663662643634336661623736623732633434 -31366535633330613130323938623038383237313336623237336231623030313632643866386332 -61666130343738393433633633616163363134373730383961303938336635373261646361306266 -35363735333961633162333365333363333266386466313534663664663731636565643561646161 -32303132353739613836 +32356639356330393434666537316338363435633839646634353737343438653236313866353834 +6234353238643462376566623063633761393933656463350a353239666366646133303731333137 +35616332316337333031303836353062383031343466393465613838316664346130353264363338 +3564313136616339660a353163316134363437626661633966333733333433396265373063353836 +31326232393231333064346362646364326462343362376464623436623134363035663461343565 +65333364366430393534356666333862613838663432323336633138373539363930306335336431 +63626362366566383762363061663765633430306430616536333238646131663262393930343134 +62393238396434653738323666316237383266343034626662643237346334343765376432366566 
+66643739393961663262303031383735626532356563396466633936343638623733623361653566 +65336364623264633436316335653330636631366237333565363461323839323563646333636130 +39373632646531663733323036356135363036303136623135666639393861656138373666623430 +37623234396136393838306261636134393061353562323962353935383563346531303536626232 +61623632623031373732636564326337626565356536613131613733643134643363343436363530 +65333864336532316666383732643835363633336265633236636366313361386339356539616139 +62373436303338643234393834373061323937323135636664333761303739633137343535653664 +63626637386535383362363261386434343034666565653230633634396330653063623261356132 +33666230313734306538653838383436396633363933373733316338303734623832303136653466 +33353839393032616435633733653663383661396332623233656331663536643431353436616566 +36663564376563656665316530633837386263376536353362363563653862356661373034326531 +35306138633865643831363736653733363934623166333662396331363930336166343466623137 +63663939333932336535323961316636303133383231343436303036306661396136333138663135 +35613666336236366633666438366530386264353633326132313861376431393862393435373139 +61353266636436306331343936323135666561643061343865343939323038623633323433663162 +37353665623961643134336664393464613066323039306134656233333136373033636136303864 +37303130353563366163313930663036653961663961666237306138313434313434346135626430 +31663535636637663131623230663136656633386433653933313564356131333734323831643464 +33643937613064393134386361323836656534653765383537346536306436616361393862623535 +61653763363465303563353665653430306538636164646636306263666439353838386234386632 +66323636323066383064376438346432636337303834386666313036303361346535623866343463 +38346261623563623235366534356534616263376461356563383031353032386636623764633132 +63396461316135383138623538616435396461326637646130323539393536393031636537653835 +35356263636161613561316661653261303665396432643137303066623962653165306530366137 
+63383733303364633334346339343339313437663366326165313731323434396239646533393164 +62623865333937336239383939373531616366393861323663306636646338336337303330333036 +61613666653931383762626235636364333239613235363662376562363032653039353637613230 +35613232333539613933613162396266323839633366646137396365646564313837316638653165 +38353333333165323537613935376663613734396665613030643233643331663039323539366461 +38653161353837643464623239343966356431613437373834376337623031313936336230383632 +65376136303731656661633831333962623936383234353966316138343665653133386331336230 +65303537373935333739643765303966376331326637656666373165643835373962363234383633 +65323835663065303665663136393238666437623637653863333465303439666132366534303432 +39303561306662623035396630623765653065323462316263636565353636666236646139356465 +32333537393064346531313366306633646365633130613938363730393930346363666461643935 +32336339613663666665336630356530363963363135316164336561363237303330326366306162 +35346533313064366662643631653636626239656265666663343565323536633463613233653131 +36363239383832613533373865663933376132653365333739346531643738346665306539376663 +39653361376236643231656162313339383331373330626639633535646135623031303931356231 +36393962386361353830313439646461623034366162376130323065396438666232386163376132 +34656432383730663662366335336636303363363432393532376466303166323762336263356138 +65623738393833303838396565363339333637316436396164653963353633353433646361613262 +64323138326231633664333565626431386138363634383635326138346330643961363835326465 +34656364333535333433363863363031383465363532393166306666653339663863316162323865 +36396263343130633131343838323466313130656662383632346138333239656133343963656162 +38323134316166396463323864353764313735316266326364333265353566663361383234383838 +31393239656461616564663861346532653931353839313434313934363634346134376333643732 +62646464386331386565366233373962623162633161386136306561336138373631326363653330 
+39376430356439363262363666336236313437353331316664326636313364313364346336346433 +38623063333665346363393461383034616233623165333266303132663464333065323265343863 +31366532633363313062326365653235316631643931356664323231623963313436343636383462 +66613534356531396231636232336437613939653635346632633735323233643435306563626266 +39613663393366353830373163333136303834356437656236333238373434326362393830363430 +63303634336166643235323638633239613366646366366362623165383836306237653138353962 +66663763353432623332653663616466356262306435663832623636353764656137663265336133 +33373230316565363630316165623766623632353732306633343632333831383434643163636332 +64613435633231353361363739623939616265663534336533326636613161613631303662623366 +6535303936396464393966386236666464663865356637656465 diff --git a/requirements/base.txt b/requirements/base.txt index 2911e887..ba2be15d 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.11 # by the following command: # -# pip-compile --allow-unsafe --output-file=requirements/base.txt requirements/base.in +# inv requirements # amqp==5.1.1 # via kombu diff --git a/requirements/dev.txt b/requirements/dev.txt index bbb4c705..6930d0e0 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -72,26 +72,14 @@ h11==0.14.0 # via # -c requirements/base.txt # httpcore -h2==4.1.0 - # via - # -c requirements/base.txt - # httpx -hpack==4.0.0 - # via - # -c requirements/base.txt - # h2 httpcore==0.17.3 # via # -c requirements/base.txt # httpx -httpx[http2]==0.24.1 +httpx==0.24.1 # via # -c requirements/base.txt # pytest-httpx -hyperframe==6.0.1 - # via - # -c requirements/base.txt - # h2 identify==2.5.26 # via pre-commit idna==3.4 @@ -204,6 +192,7 @@ pyyaml==6.0.1 six==1.16.0 # via # -c requirements/base.txt + # asttokens # python-dateutil sniffio==1.3.0 # via diff --git a/requirements/production.in b/requirements/production.in index 8f926566..d967154f 100644 
--- a/requirements/production.in +++ b/requirements/production.in @@ -8,3 +8,4 @@ sentry-sdk # ------------------------------------------------------------------------------ django-storages[boto3] django-anymail[amazon-ses] +django-allow-cidr diff --git a/requirements/production.txt b/requirements/production.txt index 94bb293d..76425d74 100644 --- a/requirements/production.txt +++ b/requirements/production.txt @@ -36,8 +36,11 @@ cryptography==41.0.2 django==4.2.5 # via # -c requirements/base.txt + # django-allow-cidr # django-anymail # django-storages +django-allow-cidr==0.7.1 + # via -r requirements/production.in django-anymail[amazon-ses]==10.1 # via -r requirements/production.in django-storages[boto3]==1.13.2 @@ -53,7 +56,9 @@ jmespath==1.0.1 # boto3 # botocore packaging==23.1 - # via gunicorn + # via + # django-allow-cidr + # gunicorn psycopg2==2.9.6 # via -r requirements/production.in pycparser==2.21