kong changes

[thetif]

Resolves #4539

Description

Updates the authentication for the endpoints. Removed the LaunchDarkly flag. Added a check for apikey. The rest of the auth is being handled through the WAF. Changed the patch endpoint to be a post, so that it was clearer.

This pull request is ready to code review when

• Automated tests are updated (and all tests are passing)
• Pull request has been labeled, if applicable with feature, content, bug,
  tests, refactor

Steps to manually verify this change

1. open postman
2. Check Good GET
   1. set postman to GET https://ec2-54-147-193-218.compute-1.amazonaws.com/api/apds/submissions
   2. under Headers add a row for apikey and set it to any value
   3. click Send
   4. expect an error Could not get response
   5. click that link to Disable SSL Verification under that response
   6. click Send
   7. expect to get a 200 response with an empty array
3. Check Bad Auth GET
   1. uncheck the apikey row
   2. click Send
   3. expect to get a 403 response
4. Check Good POST
   1. change GET to POST and check the apikey row
   2. under Body select raw and JSON and paste [{ "apdId": "apd id", "newStatus": "completed" }] in the text area
   3. click Send
   4. expect a 200 response with a body of [{"apdId":"apd id","success":false,"error":"APD Id is invalid"}]
5. Check Bad Request POST
   1. remove value from text area
   2. click Send
   3. expect a 400 response
6. Check Bad Auth POST
   1. uncheck the apikey row
   2. click Send
   3. expect a 403 response

This pull request is ready to test when

• Code has been reviewed by someone other than the original author

This pull request is ready to review when the QA has

• Verified the functionality related to the change
• Verified that the change works with Narrator on Windows
• Verified that the change works with VoiceOver on Mac
• Verified all updated pages with the WAVE tool
• Verified tab and keyboard navigation functionality

This pull request can be merged when

• Design has approved the experience
• Product has approved the experience

[codecov]

Codecov Report

Merging #4593 (8fc15fb) into main (2db1152) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #4593      +/-   ##
==========================================
- Coverage   94.27%   94.27%   -0.01%     
==========================================
  Files         264      264              
  Lines        8454     8453       -1     
  Branches     1681     1681              
==========================================
- Hits         7970     7969       -1     
  Misses        461      461              
  Partials       23       23              

Flag	Coverage Δ
api	∅ <ø> (∅)
common	100.00% <ø> (ø)
web	94.00% <ø> (-0.01%)	⬇️

Impacted Files	Coverage Δ
...-and-compliance/AssurancesAndComplianceReadOnly.js	100.00% <ø> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2db1152...8fc15fb. Read the comment docs.

[cms-eapd-bot]

See this pull request in action: https://ec2-34-192-163-36.compute-1.amazonaws.com

8fc15fb

[mirano-darren]

Looks good to me! Got all expected results

[jeromeleecms]

There isn't much that I can test/sign off here. If we have 2 devs + quality sign off, I'm good with this.