Get vets-api to consume the Accreditations API (Staging env ESECC request)

[holdenhinkle]

Background

vets-api is still not able to consume the Accreditations API. Get this working

Tasks

• [ ] Outline steps to complete

Acceptance Criteria

• [ ] What will be created or happen as a result of this?

---

How to configure this issue

1. Label with practice area (backend, frontend,ux, design, research)
2. Label for MVP work? (mvp)
3. Add an estimate
4. Attach an Epic (what body of work is this a part of?)

[holdenhinkle]

Here’s a relevant doc - https://docs.google.com/document/d/1klUtD9_XhJrAaaIcLHc6Qt9MeuChd2ORUlj_ivtzuBg/edit?usp=sharing

Here’s a support ticket - https://dsva.slack.com/archives/CBU0KDSB1/p1720815626324199

[holdenhinkle]

I zoomed with Kyle Metheny and Kshitiz Shrestha from Platform/DevOps. Kyle gave me a bunch of useful information to go back to the networking group with:

---

Just a quick notes dump:

The port is open to some traffic

Vets-api is external even though with part of the va.gov space

Goes how to the transit gateway

Show them that CAG works

It times out from vets-api

All outbound traffic is leaving us but it’s not making its way to the next hop.

VA EC AWS handles the routing

This CIDR block (this block of IPs is not allowed to the port) (if we’re not on the allowed list we can’t connect)

Check with NEO - network edge operations - probably the group I’ve got an open ticket with.

Kyle said this type of stuff takes forever to sort out, and everyone just gets passed around endlessly. He said if I needed anything else to ask in that support ticket.

---

From Kyle:

[holdenhinkle]

Just got kicked back to ESECC:

[holdenhinkle]

I re-opened the ESECC ticket that I opened ~1.5 months ago

[holdenhinkle]

New Slack thread - https://dsva.slack.com/archives/C06ABHUNBRS/p1721243488744259

Holden Hinkle 3 minutes ago @Sam Raudabaugh

@Gabriel Zurita My latest request to the Networking group for help getting vets-api configured to be able to consume the Accreditation API has been kicked back to me. They told me to contact ESECC (who was the first group I contacted 1 - 1.5 months ago). I reopened that ticket and the person I was working with from ESECC gave me a list of items in my request that need to be submitted: ESECC request# RFC-011835 RFMI

• LOCAL/SYSTEM ISSO field entry must be a VA Staff member whose Title is listed as an ISSO
• VA Sensitive and Proprietary Information area must be filled out
• VA PRIMARY POC must be filled out...can be Requester name if Non-VA Staff entry is not available
• Under the BPE tab, the HAVE YOU ATTACHED THE BUSINESS PARTNER EXTRANET CONFIGURATION WORKSHEET? field must be selected and the completed BPE Worksheet must be uploaded in the Attachments tab as applicable
• Under the BPE tab, the BUSINESS JUSTIFICATION field must be completed with the What and Why of this request.
• Under the Internet/Public tab, information must be filled in pertaining to the connection being requested Would both of you be up to pairing on completing this form with me? I’m thinking that the three of use can knock this out together.

[holdenhinkle]

Sam, Gabriel and I paired on this for over an hour on Friday. We're continuing today (Monday) from 3-4pm.

[holdenhinkle]

The three of us paired again today and finished the request form. I asked my contact at ESECC if we need to submit a separate request for each GCLAWS environment. I'm waiting to here back from him before I submit request (I'm hoping I can add information about the other environments in the Comments section of the request).

[holdenhinkle]

Holden Hinkle 1:29 PM That ESECC request just got kicked back to me :disappointed: 1:30 There are a few notes. The first is that the requester must be a VA employee. Is it okay if I make you the requester @Sam Raudabaugh ? 1:33 Here are the comments: Ernest Grogg 7/25/2024 8:42:48 AM RFMI: Requester must be a VA Employee. Contractors can create a request but may not be listed as a requester and should contact their VA government counterpart or Contracting Officer Representative confirming the needed changes prior to submission. Administration needs to be filled in. VA Primary POC needs filled in. Internal FQDN needs to be registered in the Web registry. Supported browsers should be listed. Business Justification must be filled in. The business case should cover these specifics where possible: (1) Derivative of what is documented in the MOU where one exists; (2) Why it is needed and the impact if not fulfilled; (3) Who is requesting and who is it servicing; (4) What are the business reasons and the benefits of implementing the change;, (5) What is the desired outcome; and (6) Where is it needed or have an impact.

[oddball-lindsay]

Sam re-submitted the request today, hoping to hear back. Pinging the Teams channel might help to move things along.

[oddball-lindsay]

Passed approval, waiting for implementation which entails network team adding in firewalls. Should be in the next couple weeks.

Sam will inquire on who the point of contact is, for updates on this.

[oddball-lindsay]

ESECC meeting tomorrow, Sam will get a status update

[raudabaugh]

The request is awaiting approval of VA.gov ISSO Albert Estacio. I reached out to him today to explain the need.

[oddball-lindsay]

Albert Estacio and Randy Trexler approved the request yesterday and it's moved to the Support Staff Approval stage.

Status is being tracked here: https://esecc.va.gov/CGWeb/MainUI/Changemanagement/StaffRFC.aspx?boundtable=IChangeManagementTicket&CloseOnPerformAction=false&ID=14985&windowWidth=1050&openTime=1722017159558&refreshOnClose=true