This repository has been archived by the owner on Dec 4, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathenvironment
189 lines (157 loc) · 7.79 KB
/
environment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# DSS environment variables
#
# Source this file in your bash shell using "source environment".
#
# The environment variables set in this file are appropriate for the
# DSS development environment. Individual environment variable
# values are overridden when deployed, based on the deployment stage.
# That logic resides in {chalice,daemons}/build_deploy_config.sh.
# Resolve the location of this file and set DSS_HOME to the root
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
export DSS_HOME="$(cd -P "$(dirname "$SOURCE")" && pwd)"
EXPORT_ENV_VARS_TO_LAMBDA_ARRAY=(
API_DOMAIN_NAME
AUTH_URL
AUTH_BACKEND
CHECKOUT_CACHE_CRITERIA
DSS_AUTHORIZED_DOMAINS
DSS_AWS_FLASHFLOOD_PREFIX_READ
DSS_AWS_FLASHFLOOD_PREFIX_WRITE
DSS_BLOB_PUBLIC_TTL_DAYS
DSS_BLOB_TTL_DAYS
DSS_BUNDLE_MANIFEST_INDEX_LIMIT
DSS_DEBUG
DSS_DEPLOYMENT_STAGE
DSS_EVENT_RELAY_NAME
DSS_FLASHFLOOD_BUCKET
DSS_GCP_FLASHFLOOD_PREFIX_READ
DSS_GCP_FLASHFLOOD_PREFIX_WRITE
DSS_GS_BUCKET
DSS_GS_CHECKOUT_BUCKET
DSS_NOTIFICATION_SENDER
DSS_NOTIFY_DELAYS
DSS_NOTIFY_TIMEOUT
DSS_NOTIFY_WORKERS
DSS_S3_BUCKET
DSS_S3_CHECKOUT_BUCKET
DSS_VERSION
DSS_XRAY_TRACE
GCP_PROJECT_ID
GCP_DEFAULT_REGION
OIDC_AUDIENCE
OIDC_EMAIL_CLAIM
OIDC_GROUP_CLAIM
OIDC_AUTH0_TOKEN_CLAIM
OPENID_PROVIDER
TOKENINFO_FUNC
)
set -a
EXPORT_ENV_VARS_TO_LAMBDA=${EXPORT_ENV_VARS_TO_LAMBDA_ARRAY[*]}
DSS_DEPLOYMENT_STAGE="dev"
DSS_PLATFORM="ucsc-cgp"
ADMIN_USER_EMAILS_SECRETS_NAME=admin_user_emails
ADMIN_USER_EMAILS="" # Comma Separated Values
AWS_DEFAULT_OUTPUT=json
AWS_DEFAULT_REGION=us-east-1
GCP_DEFAULT_REGION=us-central1
GCP_PROJECT_ID="platform-hca"
DSS_EVENT_RELAY_NAME=dss-gs-event-relay-
CHECKOUT_CACHE_CRITERIA='[{"type":"application/json","max_size":12314}]'
# For a multi-stage data store deployment:
# - add bucket names specific to each stage
# - add stage-specific environment files that override generic variables with stage-specific values
DSS_S3_BUCKET="${DSS_PLATFORM}-dss-${DSS_DEPLOYMENT_STAGE}"
DSS_S3_BUCKET_TEST="${DSS_S3_BUCKET}-test"
DSS_S3_BUCKET_TEST_FIXTURES="${DSS_S3_BUCKET_TEST}-fixtures"
DSS_S3_CHECKOUT_BUCKET="${DSS_PLATFORM}-dss-checkout-${DSS_DEPLOYMENT_STAGE}"
DSS_S3_CHECKOUT_BUCKET_TEST="${DSS_S3_CHECKOUT_BUCKET}-test"
DSS_S3_CHECKOUT_BUCKET_TEST_USER="${DSS_S3_CHECKOUT_BUCKET_TEST}-user"
DSS_S3_CHECKOUT_BUCKET_UNWRITABLE="${DSS_S3_CHECKOUT_BUCKET}-unwritable"
DSS_CLI_BUCKET_TEST="${DSS_PLATFORM}-dss-cli-test"
DSS_FLASHFLOOD_BUCKET="${DSS_PLATFORM}-dss-flashflood-${DSS_DEPLOYMENT_STAGE}"
DSS_GS_BUCKET="${DSS_PLATFORM}-dss-${DSS_DEPLOYMENT_STAGE}"
DSS_GS_BUCKET_TEST="${DSS_GS_BUCKET}-test"
DSS_GS_BUCKET_TEST_FIXTURES="${DSS_GS_BUCKET_TEST}-fixtures"
DSS_GS_CHECKOUT_BUCKET="${DSS_PLATFORM}-dss-checkout-${DSS_DEPLOYMENT_STAGE}"
DSS_GS_CHECKOUT_BUCKET_TEST="${DSS_GS_CHECKOUT_BUCKET}-test"
DSS_GS_CHECKOUT_BUCKET_TEST_USER="${DSS_GS_CHECKOUT_BUCKET_TEST}-user"
DSS_AWS_FLASHFLOOD_PREFIX_READ="aws"
DSS_AWS_FLASHFLOOD_PREFIX_WRITE="aws" # This can be a comma separated list
DSS_GCP_FLASHFLOOD_PREFIX_READ="gcp"
DSS_GCP_FLASHFLOOD_PREFIX_WRITE="gcp" # This can be a comma separated list
DSS_INFRA_TAG_PROJECT="${DSS_PLATFORM}-dss"
DSS_INFRA_TAG_SERVICE="dss"
DSS_INFRA_TAG_OWNER="[email protected]"
DSS_NOTIFICATION_SENDER="[email protected]"
API_DOMAIN_NAME="dss.${DSS_DEPLOYMENT_STAGE}.ucsc-cgp-redwood.org"
TOKENINFO_FUNC=dss.util.security.verify_jwt
# TODO remove https://dev.data.humancellatlas.org/ from OIDC_AUDIENCE once seperate deployments are made
# Warning back slashes are sensitive here
OIDC_AUDIENCE=https://dev.ucsc-cgp-redwood.org/
AUTH_URL=https://dev-4lyab62k.auth0.com
OPENID_PROVIDER=https://dev-4lyab62k.auth0.com/
OIDC_EMAIL_CLAIM="${OIDC_AUDIENCE}email"
OIDC_GROUP_CLAIM="${OIDC_AUDIENCE}group"
OIDC_AUTH0_TOKEN_CLAIM="${OIDC_AUDIENCE}auth0"
AUTH_BACKEND=Auth0
NOTIFY_URL=https://${API_DOMAIN_NAME}/internal/notify
DSS_AUTHORIZED_GOOGLE_PROJECT_DOMAIN_ARRAY=(
platform-hca.iam.gserviceaccount.com
)
DSS_AUTHORIZED_DOMAINS=${DSS_AUTHORIZED_GOOGLE_PROJECT_DOMAIN_ARRAY[*]}
DSS_AUTHORIZED_DOMAINS_TEST="platform-hca.iam.gserviceaccount.com"
DSS_CERTIFICATE_VALIDATION=DNS
DSS_ES_DOMAIN="${DSS_PLATFORM}-dss-es-${DSS_DEPLOYMENT_STAGE}"
DSS_ES_INSTANCE_TYPE="t2.small.elasticsearch"
DSS_ES_VOLUME_SIZE="35"
DSS_ES_INSTANCE_COUNT="1"
DSS_ES_DOMAIN_INDEX_LOGS_ENABLED="false"
DSS_ZONE_NAME="ucsc-cgp-redwood.org."
ACM_CERTIFICATE_IDENTIFIER="f2e44868-a6dc-47ad-83c6-3dd81548ee66" # cert for *.dev.ucsc-cgp-redwood.org
PYTHONWARNINGS=ignore:ResourceWarning,ignore::UserWarning:zipfile:
DSS_SECRETS_STORE="${DSS_PLATFORM}/dss"
DSS_PARAMETER_STORE="${DSS_PLATFORM}/dss"
EVENT_RELAY_AWS_USERNAME="dss-event-relay-${DSS_DEPLOYMENT_STAGE}"
EVENT_RELAY_AWS_ACCESS_KEY_SECRETS_NAME="event-relay-user-aws-access-key"
GOOGLE_APPLICATION_CREDENTIALS_SECRETS_NAME="gcp-credentials.json"
GOOGLE_APPLICATION_SECRETS_SECRETS_NAME="application_secrets.json"
ES_ALLOWED_SOURCE_IP_SECRETS_NAME="es_source_ip"
DSS_DEBUG=1
# (DSS_BLOB_TTL_DAYS - DSS_BLOB_PUBLIC_TTL_DAYS ) >= DSS_BLOB_PUBLIC_TTL_DAYS
DSS_BLOB_TTL_DAYS=14
DSS_BLOB_PUBLIC_TTL_DAYS=7
# `{account_id}`, if present, will be replaced with the account ID associated with the AWS credentials used for
# deployment. It can be safely omitted.
DSS_TERRAFORM_BACKEND_BUCKET_TEMPLATE="${DSS_PLATFORM}-dss-${DSS_DEPLOYMENT_STAGE}-terraform"
# Configure the delays between notification attempts. The first attempt is immediate. The second attempt is one
# minute later. Then ten minutes, one hour, and six hours in between. Then 24 hours minus all previous delays and
# lastly every 24 hours for six days. This is exponential initially and then levels off where exponential would be
# too infrequent. The last attempt is made seven days after the first one, which is easy to remember.
#
DSS_NOTIFY_DELAYS="0 60 600 3600 21600 60540 86400 86400 86400 86400 86400 86400"
DSS_NOTIFY_TIMEOUT=60 # This may seem excessive but the default of 10s is not enough for Green's Lira
# and would cause the notification to be retried, causing Lira to make a duplicate
# submission.
# Touch base with Lira (Saman and Rex currently) on this timeout once:
# - they have scale-tested their new queue component
# - all subscribers (not only Green Box) agree on the shorter timeout
# https://github.com/HumanCellAtlas/data-store/issues/2398
DSS_NOTIFY_WORKERS=24 # unset to automatically determine the number of workers
# Enables X-Ray profiling of daemons running in AWS Lambdas. A value of 0 disables profiling. A value >1 will enable
# profiling.
DSS_XRAY_TRACE=0
DSS_GCP_SERVICE_ACCOUNT_NAME="travis-test"
# This list manages the GCP Users and serviceAccounts able to access direct URLs on the GS checkout bucket.
# Other GCP entities must use presigned urls, or checkout to an external GS bucket they have access to.
DSS_CHECKOUT_BUCKET_OBJECT_VIEWERS="serviceAccount:[email protected],serviceAccount:[email protected],serviceAccount:caas-prod-account-for-dev@broad-dsde-mint-dev.iam.gserviceaccount.com,group:[email protected]"
AWS_SDK_LOAD_CONFIG=1 # Needed for Terraform to correctly use AWS assumed roles
# AWS managed elasticsearch limits us to 100mb files or it pipe fails, so
# bundles manifests exceeding this many files are not included in the index document.
# https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html#network-limits
# https://stackoverflow.com/questions/55541625/aws-elasticsearch-cluster-method-to-update-http-max-content-length
DSS_BUNDLE_MANIFEST_INDEX_LIMIT="20000"
set +a
if [[ -f "${DSS_HOME}/environment.local" ]]; then
source "${DSS_HOME}/environment.local"
fi