Release/new infrastructure/0001 (#110)
* Updating httpd deployment scripts, vhosts and terra vars

* updating user-scripts and configs to use config instead of hardcoded
values.

* fixing up some variable naming standards

* update to test teardown and infrastructure changes

* removing duplicated variables from s3-roles merge

* duration type

* testing ar

* Leaving provider as is. Can use modules but infrastructure is not really
modular at this point

* removing assume role stuff will handle it when moving to modular
composition approach

* Adding visualization node merge changes and cleaning up variable names

* more variable name clean up

* updating variable names removed visualization user-script

* cleaning up more var names

* testing vpc issue

* move s3 back to folder..

* update

* update

* adding roles back to app-infrastructure

* missing vars for wildfly instance

* adding some missing vars

* adding variables to dns pointer.  removing prod from the name

* changing var names

* updating names

* updating some names

* update to move the route53 records for nodes into terraform managed
state.

* update for the pic-sure-db route53 cname

* update for httpd-vhosts

* adding trendmicro dsa cidr variable

* Update httpd-instance.tf

adding allowed host

* Moving auth-hpds route53 declarations to not be separated from its
dependent resource.

* Parameterize idp_provider and idp_provider_uri

* Add missing variables in httpd-instance

* Set application id to null

* Network/Infra changes

* add locals

* rename

* vpc and subnet fixes

* boolean -> bool

* fix

* fix bool

* fixes

* set default

* fix more vars

* subnets

* subnets

* public cidr

* public

* fix private

* subnet,tags

* tags

* fix

* fix sg

* use output

* fix

* fix

* fix

* use one

* add listobjects permission

* fix roles

* fix s3 policy

* cp --recursive

* syntax fix

* fix

* update VPC filter

* [ALS-4796] Remove unused aws record in auth hpds

* [ALS-4796] Fix trailing slash in idp provider uri

* [ALS-4796] Fix Teardown

* add s3 baseline

* remove stacks.json

* updating user-scripts to use s3_copy function

* [ALS-4796] Fix Teardown

* cleanup for s3_copy

* add lifecycle tags

* moving the s3_baseline out due to prevent_destroy blocking deployment

* Removing default values for intro token and client secret

Cannot be empty values and cannot be arbitrarily set

* Removing intro token and client secret from variables

* removing fence secret and id

These need to be passed as secrets.
* should not be used in open access
* removed default value for open access, lets make that a required passed variable.

* Adding application id for base query

adding variable to configure application id for standalone.xml and
picsureui_settings.json

* missing double quotes

* add srce script vars

* fixes

* add vars

* add fence vars

* add logs

* Testing target group as a data resource

* adding reference to data resource in attachment

* explicitly adding provider

* adding availability zone

* availability_zone....

* make it a string

* [ALS-4884] Add Configurable Google Analytics (#61)

[ALS-4797] Add Configurable Google Analytics

* [ALS-4998] Update HPDS auth & open

HPDS auth and open are now deployed based on different variables. This allows a user to select auth, open, or both. env_is_open_access will only be used to set the tag.

* adding env_is_auth to variables

* ternary fix.

* update for explicitly handling project.

* typo

* [ALS-4998] Fix outputs.tf

* [ALS-4998] Fix outputs.tf

* Use alb vpc for SG for HTTPD

* updating aws_subnets public to use alb vpc

* use project based db subnet groups

* updating subnet group name

* Looks like aws api limits looking up RDS subnet groups by name only.

* adding filtering to find the staging (predev) target group

* filter using project and stack tags in the lb
* create a target group attachment for the stack.
* availability zone needs to be set to all to attach out of scope vpcs.

* adding filter for target group
* attach target group using project and stack tags
* create target group attachment resource and add staging (predev)
instance on deployment.
* need a mechanism to handle deployment and environment promotion.
* is_promote_lb_tg should be left as default and not defined in the
teardown process.  We will always want to deploy to staging.
* Next is to deprecate current move dns pointer job and implement
updating the aws_lb_target_group_attachment for each stack when staging
is promoted to live.

* adding tags an ability to target live and staging.

* deployments (teardown) targets should only ever target staging.
Teardown should never set is_promote_lb_tg; let the default handle it.

* replacement for move dns pointer jenkins job should promote current
staging to live tg and updates is live tag.  Also demotes live to
staging and updates tag.  Simply set the is_promote_lb_tg to true.

* needed to create the tag:Stack on one of the lbs as it was missing.
Maybe tag:subDomain is a better tag name for the lb.  Needs to be
handled by the alb module that controls the state of the lb.

* type for locals

* only 1 tag filter?

* and live subdomain variable

* Cannot use tags to lookup lb target group for data resource in current
aws provider version.  Trying the latest provider version

* Tag filter seems to be different for data resources for lb tg

* update to change to var to local

* missed var declaration

* latest provider doesn't like how assume roles is handling creds.

* Need to use name or arn

A bit in limbo as tags is not available for aws provider version.
Updating the provider version breaks out of scope resources.  Should
switch to tags when provider can be updated and tested properly.

Leaving tag logic here so it's easy to implement when available.

* typo

* missing var

* need to use private ip

* clarification

* bit more clarification

* moving tga tf methodology out of scope.  Can try to implement later.

* [ALS-5052] Update hpds scripts to use tomcat docker image (#71)

* [ALS-4731] Add named dataset table to schema.

* Adding a tag for HTTPD Node to be more identifiable.

* use custom log format for capturing client IP

* merge

* Fix TF template vars

* Feature/vhost (#80)

* adding vars to vhost

* declaring variable

* adding explicit vhost for staging env.

* staging should use the preprod_certs

* Feature/fixes for auth deployment (#84)

* fix ternary

* include

* bad output?

* adding back after destroying

* handling the output differently.

* Is possible to have no hpds currently running if both set to false.
* Output breaks if in a bad state

* no ternary

* typo

* remove githash from name of stuff.
* using a random uniq name is more flexible.
* If something is created with that githash for whatever reason it will
have to be destroyed manually if state file is missing or corrupt

* attempting to remove githash

* outputs fix

* output empty value instead

* adding env_project to s3 role names

* need to handle space in project

* like hyphen more than underscore

* [ALS-5112] Update aggregate resource properties

The aggregate resource needs the visualization ID.

* Fix Analytics ID name

---------

Co-authored-by: Tom <[email protected]>
Co-authored-by: gcolon021 <[email protected]>

* [ALS-5134] Add Google Tag Manager ID

* removing unused variable

* [ALS-5134] CSP update

* [ALS-5134] CSP update for tag manager

* Feature/conditional resource configuration (#94)

### Adding conditionals to sql statements to handle dynamic hpds resource registration
* Added conditionals to sql statement to render insertion records for auth and open hpds
* No new variables generated. Reusing the variables that handle whether the project is using open and auth hpds.

---------

Co-authored-by: Tom <[email protected]>

* [ALS-5128] Add fence mapping file to dictionary resource (#97)

* Add dataset-s3-object-key

* Add fence mapping

* Cleaning up some naming standards (#99)

# Just gravitating to better naming standards for resources and variables.

Just do the best we can with the flat model.  Lots of past sins still left with poorly named resources.

* test/open/fence-mapping-fix/ (#100)

# Updating security policies 
* allow dictionary resource to pull fence_mapping.json from s3

* Remove var prefix from terraform rendering (#103)

# remove var from the prefix.
* No need for var for terraform rendering.

* Als 4942 (#104)

# RDS Snapshot predestroy
* fix sql script
* add snapshot id to picsure-db object
* configure wildfly user-script to only initialize db if no snapshot was given (it will be an empty db if a snapshot is not given)

* ALS-3951 - Added waiting for tagging init to HPDS Instances.  Various Cleanup. (#107)

# HPDS Instances will now wait for the container to be initialized before tagging
* Updated hpds userscripts to monitor the docker log to wait for container to initialize.
* Moved some sql scripts to the picsuredb resource.  Bit better home for them.
* Updated s3 roles to allow configs to be pulled without having to continually update s3 roles.
* s3 roles will need a follow-up ticket to clean out all the outdated statements.  Bit out of scope for this ticket.
* Had critical issue pop up during this work.  Need to update the deployed hpds with its stack resources.

* Update wildfly-user_data.sh (#106)

* update for wildfly logs

* allow putmetricdata

* all policies

* only role_policies

* [ALS-5344] Add banner_config.json (#109)

* [ALS-5344] Add banner_config.json
The banner_config.json is now correctly uploaded to S3, copied to the HTTPD EC2, and mounted to the HTTPD docker volume.

* [ALS-4498] Configure httpOnly (#111)

---------

Co-authored-by: Tom <[email protected]>
Co-authored-by: gcolon021 <[email protected]>
Co-authored-by: bp85 <[email protected]>
Co-authored-by: Gcolon021 <[email protected]>
Co-authored-by: Bhanu Prasad G <[email protected]>
Co-authored-by: ramari16 <[email protected]>
Co-authored-by: Samantha Piatt <[email protected]>
Co-authored-by: James <[email protected]>
Co-authored-by: michael pitts <[email protected]>
Co-authored-by: Michael Pitts <[email protected]>
11 people authored Dec 7, 2023
1 parent dd148d3 commit 3c4e1fc
Showing 40 changed files with 1,703 additions and 1,803 deletions.
85 changes: 0 additions & 85 deletions app-infrastructure/app-security-groups.tf

This file was deleted.
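Review bot: app-security-groups.tf is deleted in full, yet the auth HPDS instance later in this commit still references aws_security_group.outbound-to-internet, aws_security_group.inbound-hpds-from-app, aws_security_group.outbound-to-trend-micro and the new aws_security_group.inbound-hpds-from-wildfly. Confirm those resources now live in another file touched by this commit (the deleted file is not expanded here), otherwise the plan will fail on unknown references, and say in the commit message where the security groups moved.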

4 changes: 2 additions & 2 deletions app-infrastructure/aurora-rds.tf
Expand Up @@ -17,7 +17,7 @@
#
# tags = {
# Owner = "Avillach_Lab"
# Environment = "development"
# Environment = var.environment_name
# Name = "FISMA Terraform Playground - ${var.stack_githash} - RDS Aurora Cluster"
# }
#}
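Review bot: every line in this hunk, including the changed `Environment = var.environment_name`, sits inside a `#`-commented block, so the edit changes nothing Terraform applies; the same holds for the second hunk at -35 below. Either delete the dead RDS Aurora block (its Name tag still references the retired var.stack_githash) or uncomment it so it gets reviewed as live code; commented-out infrastructure tends to be pasted back in unreviewed later.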
Expand All @@ -35,7 +35,7 @@
#
# tags = {
# Owner = "Avillach_Lab"
# Environment = "development"
# Environment = var.environment_name
# Name = "FISMA Terraform Playground - ${var.stack_githash} - RDS Aurora DB Instance - ${count.index}"
# }
#}
48 changes: 23 additions & 25 deletions app-infrastructure/auth-hpds-instance.tf
@@ -1,12 +1,12 @@

data "template_file" "auth_hpds-user_data" {
template = file("scripts/auth_hpds-user_data.sh")
vars = {
stack_githash = var.stack_githash_long
dataset_s3_object_key = var.dataset-s3-object-key
genomic_dataset_s3_object_key = var.genomic-dataset-s3-object-key
stack_s3_bucket = var.stack_s3_bucket
target-stack = var.target-stack
stack_githash = var.stack_githash_long
dataset_s3_object_key = var.dataset_s3_object_key
genomic_dataset_s3_object_key = var.genomic_dataset_s3_object_key
stack_s3_bucket = var.stack_s3_bucket
target_stack = var.target_stack
gss_prefix = "bdc_${var.env_is_open_access ? "open" : "auth"}_${var.environment_name}"
}
}

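Review bot: `gss_prefix` is still keyed on var.env_is_open_access (`bdc_${var.env_is_open_access ? "open" : "auth"}_...`) even though this template is specific to the auth HPDS instance and the commit message says env_is_open_access is now only used to set a tag, with include_auth_hpds / include_open_hpds selecting which HPDS is deployed. An environment that deploys both would render the auth HPDS with an `open` prefix; hard-code `auth` here (and `open` in the open-hpds template) or derive it from the include_* variables. The hyphen-to-underscore renames (dataset_s3_object_key, genomic_dataset_s3_object_key, target_stack) look consistent with the rest of the diff.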
Expand All @@ -23,41 +23,39 @@ data "template_cloudinit_config" "auth_hpds-user-data" {
}

resource "aws_instance" "auth-hpds-ec2" {
ami = var.ami-id
instance_type = "m5.12xlarge"
count = var.include_auth_hpds ? 1 : 0

key_name = "biodata_nessus"

associate_public_ip_address = false
ami = local.ami_id
instance_type = "m5.12xlarge"

subnet_id = var.db-subnet-us-east-1a-id
subnet_id = local.private2_subnet_ids[0]

iam_instance_profile = "auth-hpds-deployment-s3-profile-${var.target-stack}-${var.stack_githash}"
iam_instance_profile = "auth-hpds-deployment-s3-profile-${var.target_stack}-${local.uniq_name}"

user_data = data.template_cloudinit_config.auth_hpds-user-data.rendered

vpc_security_group_ids = [
aws_security_group.outbound-to-internet.id,
aws_security_group.inbound-hpds-from-app.id,
aws_security_group.outbound-to-trend-micro.id,
aws_security_group.inbound-data-ssh-from-nessus.id
aws_security_group.inbound-hpds-from-wildfly.id,
]

root_block_device {
delete_on_termination = true
encrypted = true
volume_size = 1000
encrypted = true
volume_size = 1000
}

tags = {
Owner = "Avillach_Lab"
Environment = "development"
Name = "FISMA Terraform Playground - ${var.stack_githash} - Auth HPDS - ${var.target-stack}"
Environment = var.environment_name
Stack = var.target_stack
Project = local.project
Name = "Auth HPDS - ${var.target_stack} - ${local.uniq_name}"
}

metadata_options {
http_endpoint = "enabled"
http_tokens = "required"
instance_metadata_tags = "enabled"
http_endpoint = "enabled"
http_tokens = "required"
instance_metadata_tags = "enabled"
}
}

}
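Review bot: `associate_public_ip_address = false` is dropped, so the instance now inherits the map_public_ip_on_launch setting of `local.private2_subnet_ids[0]`; keep the explicit `false` (it costs nothing and survives a future subnet swap) or add a precondition asserting the chosen subnet is private. With `count = var.include_auth_hpds ? 1 : 0`, every reference to aws_instance.auth-hpds-ec2 elsewhere (outputs, Route 53 records) must use `one(...)` or an indexed reference that tolerates an empty list, which the "use one" and "output empty value instead" entries in the commit message suggest was already hit. Removing `key_name` and `aws_security_group.inbound-data-ssh-from-nessus.id` takes away SSH and the scanner path, which is the right direction for least privilege but should be stated in the message so the scanning team knows the host is no longer reachable that way; keeping `http_tokens = "required"` (IMDSv2) is good.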
2 changes: 1 addition & 1 deletion app-infrastructure/configs/aggregate-resource.properties
@@ -1,4 +1,4 @@
target.picsure.url=http://open-hpds.${target-stack}.datastage.hms.harvard.edu:8080/PIC-SURE/
target.picsure.url=http://open-hpds.${target_stack}.${env_private_dns_name}:8080/PIC-SURE/
target.picsure.token=
target.picsure.obfuscation_threshold=10
target.picsure.obfuscation_variance=3
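Review bot: `target.picsure.token=` is left empty in a file rendered from the repository, which is fine only if the aggregate resource reaches open-hpds without a token; if one is needed it should be injected from a secret at render time (as the commit message does for the intro token and client secret), never committed here. The rewritten URL talks plain http on port 8080 to `open-hpds.${target_stack}.${env_private_dns_name}`, so env_private_dns_name must be a private hosted zone that resolves only inside the VPC; a public zone would advertise an unencrypted internal endpoint.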
74 changes: 38 additions & 36 deletions app-infrastructure/configs/httpd-vhosts.conf
Expand Up @@ -45,7 +45,7 @@ ServerTokens Prod
</VirtualHost>

<VirtualHost *:443>
ServerName picsure.biodatacatalyst.nhlbi.nih.gov
ServerName ${env_public_dns_name}
SSLProxyEngine on
SSLProxyCheckPeerCN off

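Review bot: ServerName now comes from `${env_public_dns_name}`, but the Host-header check later in this vhost rejects anything not matching `${allowed_hosts}`; the two are separate template variables, so a deployment that sets one without the other returns 403 for every request. Derive allowed_hosts from env_public_dns_name (plus the staging name) in the Terraform locals, or add a variable validation that allowed_hosts contains env_public_dns_name.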
Expand All @@ -63,37 +63,29 @@ ServerTokens Prod
# unsafe-inline - Allows inline JavaScript, CSS, and event handlers
# style-src - Allows inline styles but only from the same origin
# img-src - Allows images from the same origin and data: URIs
Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; img-src 'self' data: https://public.era.nih.gov blob: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"
# https://www.googletagmanager.com - is needed for Google Analytics
Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.googletagmanager.com; img-src 'self' data: https://public.era.nih.gov blob: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"

# A fall back for legacy browsers that don't yet support CSP frame-ancestors.
Header always set X-Frame-Options "DENY"
# Attempt to prevent some MIME-type confusion attacks. There is no perfect solution to this problem.
Header always set X-Content-Type-Options "nosniff"

# Attempt to prevent some MIME-type confusion attacks. There is no perfect solution to this problem.
Header always set X-Content-Type-Options "nosniff"

# Enables built-in XSS protection in modern web browsers.
# If a XSS is detected mode=block will block the entire page.
Header always set X-XSS-Protection "1; mode=block;"
# Enables built-in XSS protection in modern web browsers.
# If a XSS is detected mode=block will block the entire page.

# A fall back for legacy browsers that don't yet support CSP frame-ancestors.
Header always set X-Frame-Options "DENY"

RewriteEngine On
ProxyPreserveHost On

# Validate the Host header
RewriteCond %%{HTTP_HOST} !^$
RewriteCond %%{HTTP_HOST} !^(www\.)?(${allowed_hosts})$ [NC]
RewriteRule ^ - [E=HOST:%%{HTTP_HOST},E=ALLOWED_HOSTS:${allowed_hosts},F]

#Dont allow httpd debug methods
RewriteCond %%{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]
RewriteCond %%{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

RewriteRule ^/picsure/(.*)$ "http://wildfly.${target-stack}.datastage.hms.harvard.edu:8080/pic-sure-api-2/PICSURE/$1" [P]
RewriteRule ^/psama/(.*)$ "http://wildfly.${target-stack}.datastage.hms.harvard.edu:8080/pic-sure-auth-services/auth/$1" [P]
RewriteRule ^/picsure/(.*)$ "http://wildfly.${target_stack}.${env_private_dns_name}:8080/pic-sure-api-2/PICSURE/$1" [P]
RewriteRule ^/psama/(.*)$ "http://wildfly.${target_stack}.${env_private_dns_name}:8080/pic-sure-auth-services/auth/$1" [P]

RewriteCond %%{DOCUMENT_ROOT}/%%{REQUEST_FILENAME} !-f
RewriteCond %%{DOCUMENT_ROOT}/%%{REQUEST_FILENAME} !-d
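Review bot: adding `data:` to script-src weakens the policy: together with the existing 'unsafe-inline' and 'unsafe-eval' it lets a page load scripts from data: URIs, and Google Tag Manager loads from https://*.googletagmanager.com, which is already listed, so data: should not be needed for it. Drop data: from script-src (it is already in img-src, where it belongs) unless a specific loader is shown to require it, and record the reason in the comment above the header. Also, the "Enables built-in XSS protection" comment survives near the end of this hunk while its `Header always set X-XSS-Protection` line is gone; delete the orphaned comment (dropping the header itself is fine, modern browsers ignore it and CSP supersedes it).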
Expand All @@ -107,10 +99,17 @@ ServerTokens Prod

DocumentRoot "$${HTTPD_PREFIX}/htdocs"

LogFormat "%%{X-Forwarded-For}i %t %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b" proxy-ssl
LogFormat "%h %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "$${HTTPD_PREFIX}/logs/access_log" combined env=!forwarded
CustomLog "$${HTTPD_PREFIX}/logs/access_log" proxy env=forwarded
CustomLog "$${HTTPD_PREFIX}/logs/ssl_request_log" proxy-ssl env=forwarded
CustomLog "$${HTTPD_PREFIX}/logs/ssl_request_log" \
"%t %h %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b" env=!forwarded
ErrorLog "$${HTTPD_PREFIX}/logs/error_log"
TransferLog "$${HTTPD_PREFIX}/logs/access_log"
CustomLog "$${HTTPD_PREFIX}/logs/ssl_request_log" \
"%t %h %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
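Review bot: the `forwarded` environment is set by `SetEnvIf X-Forwarded-For "^.*\..*\..*\..*"`, which matches any value containing three dots, and the `proxy` formats then log `%{X-Forwarded-For}i` in place of `%h`. X-Forwarded-For is client-supplied; unless this listener only ever receives traffic from the ALB, a forged header replaces the connecting address in the log and the real peer is lost. Log both (`%h` and `%{X-Forwarded-For}i`) in the proxy format, or use mod_remoteip with RemoteIPHeader and RemoteIPInternalProxy restricted to the ALB subnets so that `%a` is trustworthy. Separately, `TransferLog access_log` remains alongside the two conditional `CustomLog access_log` lines, so as far as this hunk shows every request is written to access_log twice; drop the TransferLog.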
Expand All @@ -119,7 +118,7 @@ ServerTokens Prod
</VirtualHost>

<VirtualHost *:443>
ServerName preprod.picsure.biodatacatalyst.nhlbi.nih.gov
ServerName ${env_public_dns_name_staging}
SSLProxyEngine on
SSLProxyCheckPeerCN off

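Review bot: the staging vhost now serves `${env_public_dns_name_staging}` while its Host-header check uses the same `${allowed_hosts}` as the production vhost; make sure the staging name is in that list. The commit message says staging should use the preprod certs, so confirm the SSLCertificateFile lines (not shown in this hunk) were parameterised along with ServerName rather than left pointing at the production certificate.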
Expand All @@ -137,34 +136,28 @@ ServerTokens Prod
# unsafe-inline - Allows inline JavaScript, CSS, and event handlers
# style-src - Allows inline styles but only from the same origin
# img-src - Allows images from the same origin and data: URIs
Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://public.era.nih.gov;"

# A fall back for legacy browsers that don't yet support CSP frame-ancestors.
Header always set X-Frame-Options "DENY"
# https://www.googletagmanager.com - is needed for Google Analytics
Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.googletagmanager.com; img-src 'self' data: https://public.era.nih.gov blob: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"

# Attempt to prevent some MIME-type confusion attacks. There is no perfect solution to this problem.
Header always set X-Content-Type-Options "nosniff"

# Enables built-in XSS protection in modern web browsers.
# If a XSS is detected mode=block will block the entire page.
Header always set X-XSS-Protection "1; mode=block;"
# A fall back for legacy browsers that don't yet support CSP frame-ancestors.
Header always set X-Frame-Options "DENY"

RewriteEngine On
ProxyPreserveHost On

# Validate the Host header
RewriteCond %%{HTTP_HOST} !^$
RewriteCond %%{HTTP_HOST} !^(www\.)?(${allowed_hosts})$ [NC]
RewriteRule ^ - [E=HOST:%%{HTTP_HOST},E=ALLOWED_HOSTS:${allowed_hosts},F]

#Dont allow httpd debug methods
RewriteCond %%{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]
RewriteCond %%{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

RewriteRule ^/picsure/(.*)$ "http://wildfly.${target-stack}.datastage.hms.harvard.edu:8080/pic-sure-api-2/PICSURE/$1" [P]
RewriteRule ^/psama/(.*)$ "http://wildfly.${target-stack}.datastage.hms.harvard.edu:8080/pic-sure-auth-services/auth/$1" [P]
RewriteRule ^/picsure/(.*)$ "http://wildfly.${target_stack}.${env_private_dns_name}:8080/pic-sure-api-2/PICSURE/$1" [P]
RewriteRule ^/psama/(.*)$ "http://wildfly.${target_stack}.${env_private_dns_name}:8080/pic-sure-auth-services/auth/$1" [P]

RewriteCond %%{DOCUMENT_ROOT}/%%{REQUEST_FILENAME} !-f
RewriteCond %%{DOCUMENT_ROOT}/%%{REQUEST_FILENAME} !-d
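Review bot: this is the second copy of the same security-header block, and it has already diverged from the production vhost within this commit (the X-XSS-Protection lines are cleanly removed here, while their comment survives in the production vhost). Move the Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Host-validation and TRACE/TRACK rules into one file pulled in with `Include` from both vhosts so they cannot drift; the `data:` in script-src concern raised on the production vhost applies here as well.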
Expand All @@ -178,13 +171,22 @@ ServerTokens Prod

DocumentRoot "$${HTTPD_PREFIX}/htdocs"

ErrorLog "$${HTTPD_PREFIX}/logs/preprod_error_log"
TransferLog "$${HTTPD_PREFIX}/logs/preprod_access_log"
CustomLog "$${HTTPD_PREFIX}/logs/preprod_ssl_request_log" \
"%t %h %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b"
LogFormat "%%{X-Forwarded-For}i %t %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b" proxy-ssl
LogFormat "%h %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%%{Referer}i\" \"%%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "$${HTTPD_PREFIX}/logs/access_log" combined env=!forwarded
CustomLog "$${HTTPD_PREFIX}/logs/access_log" proxy env=forwarded
CustomLog "$${HTTPD_PREFIX}/logs/ssl_request_log" proxy-ssl env=forwarded
CustomLog "$${HTTPD_PREFIX}/logs/ssl_request_log" \
"%t %h %%{SSL_PROTOCOL}x %%{SSL_CIPHER}x \"%r\" %b" env=!forwarded
ErrorLog "$${HTTPD_PREFIX}/logs/error_log"
TransferLog "$${HTTPD_PREFIX}/logs/access_log"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

</VirtualHost>


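Review bot: the staging vhost's logs were previously separated as preprod_error_log, preprod_access_log and preprod_ssl_request_log; the new directives write to the same error_log, access_log and ssl_request_log the production vhost uses, so staging and live traffic are interleaved in one file and cannot be told apart when investigating an incident or feeding a SIEM. Keep the preprod_ prefix (or parameterise the file name per vhost); the duplicate TransferLog/CustomLog to access_log noted on the production vhost is repeated here.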
29 changes: 3 additions & 26 deletions app-infrastructure/configs/pic-sure-schema.sql
Expand Up @@ -101,12 +101,11 @@ CREATE TABLE `resource` (
--
-- Dumping data for table `resource`
--

LOCK TABLES `resource` WRITE;
/*!40000 ALTER TABLE `resource` DISABLE KEYS */;
INSERT INTO `resource` VALUES (0x02E23F52F3544E8B992CD37C8B9BA140,NULL,'http://auth-hpds.${target-stack}.datastage.hms.harvard.edu:8080/PIC-SURE/','Authorized Access HPDS resource','auth-hpds',NULL, NULL, NULL);
INSERT INTO `resource` VALUES (0x70c837be5ffc11ebae930242ac130002,NULL,'http://localhost:8080/pic-sure-aggregate-resource/pic-sure/aggregate-data-sharing','Open Access (aggregate) resource','open-hpds',NULL, NULL, NULL);
INSERT INTO `resource` VALUES (0x36363664623161342d386538652d3131,NULL,'http://dictionary.${target-stack}.datastage.hms.harvard.edu:8080/dictionary/pic-sure','Dictionary','dictionary',NULL, NULL, NULL);
${include_auth_hpds ? "INSERT INTO `resource` VALUES (0x02E23F52F3544E8B992CD37C8B9BA140,NULL,'http://auth-hpds.${target_stack}.${env_private_dns_name}:8080/PIC-SURE/','Authorized Access HPDS resource','auth-hpds',NULL, NULL, NULL);" : ""}
${include_open_hpds ? "INSERT INTO `resource` VALUES (0x70c837be5ffc11ebae930242ac130002,NULL,'http://localhost:8080/pic-sure-aggregate-resource/pic-sure/aggregate-data-sharing','Open Access (aggregate) resource','open-hpds',NULL, NULL, NULL);" : ""}
INSERT INTO `resource` VALUES (0x36363664623161342d386538652d3131,NULL,'http://dictionary.${target_stack}.${env_private_dns_name}:8080/dictionary/pic-sure','Dictionary','dictionary',NULL, NULL, NULL);
INSERT INTO `resource` VALUES (0xCA0AD4A9130A3A8AAE00E35B07F1108B,NULL,'http://localhost:8080/pic-sure-visualization-resource/pic-sure/visualization','Visualization','visualization',NULL, NULL, NULL);
/*!40000 ALTER TABLE `resource` ENABLE KEYS */;
UNLOCK TABLES;
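Review bot: when both include_auth_hpds and include_open_hpds are false the template renders no HPDS resource rows at all, which the commit message acknowledges breaks outputs; add a Terraform variable validation or precondition requiring at least one of them so the schema is never rendered half-empty. The `${include_auth_hpds ? "..." : ""}` expression also nests `${target_stack}` and `${env_private_dns_name}` inside a double-quoted string, which templatefile handles, but any future edit to the INSERT must avoid unescaped `"` characters; a `%{ if include_auth_hpds }` ... `%{ endif }` directive block keeps the SQL readable and avoids that trap.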
Expand Down Expand Up @@ -674,25 +673,3 @@ SELECT privilege.uuid, unhex(@uuidGate) from privilege, role_privilege, role
where privilege.uuid = role_privilege.privilege_id
AND role_privilege.role_id = role.uuid
AND role.name = 'FENCE_ROLE_OPEN_ACCESS';

SET @searchValuesAccessRuleUUID = REPLACE(uuid(),'-','');
INSERT INTO access_rule (uuid, name, description, rule, type, value, checkMapKeyOnly, checkMapNode, subAccessRuleParent_uuid, isEvaluateOnlyByGates, isGateAnyRelation)
VALUES (
unhex(@searchValuesAccessRuleUUID),
'ALLOW_SEARCH_VALUES_ACCESS',
'Allow access to search values endpoint',
'$.path',
11,
'/search/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/values',
false,
true,
NULL,
true,
false
);

INSERT INTO accessRule_privilege (privilege_id, accessRule_id)
SELECT privilege.uuid, unhex(@searchValuesAccessRuleUUID) from privilege, role_privilege, role
where privilege.uuid = role_privilege.privilege_id
AND role_privilege.role_id = role.uuid
AND role.name = 'FENCE_ROLE_OPEN_ACCESS';
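Review bot: this hunk deletes the ALLOW_SEARCH_VALUES_ACCESS access_rule and its accessRule_privilege binding for FENCE_ROLE_OPEN_ACCESS without an explanation in the commit message, which only mentions that some SQL scripts moved to the picsuredb resource. Removing a grant is the safe direction, but if the rule was meant to move rather than go away, confirm it exists in the new location; if it is intentionally dropped, say so, since open-access users lose the `/search/<uuid>/values` endpoint once this schema is applied.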
