#542 Add all ENVs to tf
tariqksoliman committed May 22, 2024
1 parent e89723c commit 5f0ab3d
Showing 2 changed files with 113 additions and 52 deletions.
55 changes: 30 additions & 25 deletions sds/unity/terraform/terraform.tf
Expand Up @@ -10,15 +10,8 @@ data "aws_ssm_parameter" "subnet_list" {
# name = "/unity/account/ecs/execution_role_arn"
#}

locals {
subnet_map = jsondecode(data.aws_ssm_parameter.subnet_list.value)
subnet_ids = nonsensitive(local.subnet_map["private"])
public_subnet_ids = nonsensitive(local.subnet_map["public"])
}


module "base" {
source = "git::ssh://[email protected]/terraform/base?ref=6.0.0"
source = ""
project = var.project
venue = var.venue
subsystem = var.subsystem
Expand All @@ -40,55 +33,67 @@ module "base" {
ebs_block_device_size = var.ebs_block_device_size
root_block_device_size = var.root_block_device_size
ebs_mount_directory = var.ebs_mount_directory
csso_proxy_only = var.csso_proxy_only
application_endpoint_url = var.application_endpoint_url
terraform_app_commit = var.terraform_app_commit
deployment_method = var.deployment_method
secrets = local.secrets
stickiness_enabled = var.stickiness_enabled
docker_volume_path = var.docker_volume_path
efs_config = {
efs_id = var.efs_id
efs_root_directory = var.efs_root_directory
}
}

locals {
subnet_map = jsondecode(data.aws_ssm_parameter.subnet_list.value)
subnet_ids = nonsensitive(local.subnet_map["private"])
public_subnet_ids = nonsensitive(local.subnet_map["public"])
}


# Application environment variables
locals {
environment_vars = {
AWS_DEFAULT_REGION = module.base.aws_region
CS3_GET_PARAMETERS = module.base.ps_path
DOMAIN = module.base.cname
SERVER = var.server
AUTH = var.auth
NODE_ENV = var.node_env
CSSO_LEAD_GROUP = var.csso_lead_group
SESSION_USER = var.session_user
INGEST_RATE = var.ingest_rate
SECRET = module.base.auto_generated_password
DB_HOST = var.db_host
DB_PORT = var.db_port
DB_NAME = var.db_name
DB_USER = var.db_user
CSSO_GROUPS = "[${join(", ", formatlist("\"%s\"", var.groups))}]"
SESSION_HOST = module.base.csso_login_url
TACTICAL_HOST = var.tactical_host
PLACES_HOST = var.places_host
SCIENCE_INTENT_HOST = var.science_intent_host
MTTTT_HOST = var.mtttt_host
ENABLE_MMGIS_WEBSOCKETS = var.enable_mmgis_websockets
PORT = var.app_listening_port
DB_POOL_MAX = var.db_pool_max
DB_POOL_TIMEOUT = var.db_pool_timeout
DB_POOL_IDLE = var.db_pool_idle
CSSO_GROUPS = var.csso_groups
VERBOSE_LOGGING = var.verbose_logging
FRAME_ANCESTORS = var.frame_ancestors
FRAME_SRC = var.frame_src
THIRD_PARTY_COOKIES = var.third_party_cookies
ROOT_PATH = var.root_path
WEBSOCKET_ROOT_PATH = var.websocket_root_path
CLEARANCE_NUMBER = var.clearance_number
DISABLE_LINK_SHORTENER = var.disable_link_shortener
HIDE_CONFIG = var.hide_config
CONFIGCONFIG_PATH = var.configconfig_path
FORCE_CONFIG_PATH = var.force_config_path
LEADS = "[${join(", ", formatlist("\"%s\"", var.leads))}]"
ENABLE_MMGIS_WEBSOCKETS = var.enable_mmgis_websockets
ENABLE_CONFIG_WEBSOCKETS = var.enable_config_websockets
ENABLE_CONFIG_OVERRIDE = var.enable_config_override
MAIN_MISSION = var.main_mission
SKIP_CLIENT_INITIAL_LOGIN = var.skip_client_initial_login
GENERATE_SOURCEMAP = var.generate_sourcemap
SPICE_SCHEDULED_KERNEL_DOWNLOAD = var.spice_scheduled_kernel_download
SPICE_SCHEDULED_KERNEL_DOWNLOAD_ON_START = var.spice_scheduled_kernel_download_on_start
SPICE_SCHEDULED_KERNEL_cron_expr = var.spice_scheduled_kernel_cron_expr
}
}

locals {
secrets = {
DB_PASS = var.db_password
SESSION_PASS = var.session_pass
SECRET = var.secret
DB_PASS = var.db_pass
}
}
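Review bot: `CSSO_GROUPS = var.csso_groups` in `environment_vars` passes a `list(string)` through unserialised, while `LEADS` in the same map is still built with `join`/`formatlist`, so the group allow-list may reach the container in a shape the application does not parse as intended; `CSSO_GROUPS = jsonencode(var.csso_groups)` would keep it a JSON string as the earlier `join` form did. The key `SPICE_SCHEDULED_KERNEL_cron_expr` is the only mixed-case name in the map and, since environment variable names are case-sensitive, probably wants to be `SPICE_SCHEDULED_KERNEL_CRON_EXPR`. `source = ""` in `module "base"` loses the `?ref=` pin; if the empty value is a redaction for the public repository, a comment such as `# set to the internal base module URL, pinned with ?ref=<version>` would make that explicit. The +/- markers are lost on this page, so which line of each printed pair is the new side is inferred from print order.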
110 changes: 83 additions & 27 deletions sds/unity/terraform/variables.tf
Expand Up @@ -31,25 +31,18 @@ variable "installprefix" {
default = "UnknownPrefix"
}


variable "server" {
default = "node"
}
variable "auth" {
default = "csso"
default = "none"
}
variable "node_env" {
default = "production"
}
variable "csso_lead_group" {
}
variable "session_user" {
description = "application account for authorization to other services"
}
variable "session_pass" {
description = "application account for authorization to other services"
}
variable "ingest_rate" {
default = "0 7 * * *"
variable "secret" {
description = "Some random string"
}
variable "db_host" {
description = "postgres db endpoint"
Expand All @@ -64,37 +57,64 @@ variable "db_name" {
variable "db_user" {
description = "postgres db user"
}
variable "db_password" {
variable "db_pass" {
description = "postgres db password"
}
variable "tactical_host" {
description = "url to tactical target db"
variable "port" {
description = "Port to run on"
default = 3000
}
variable "places_host" {
description = "url to PLACES"
variable "db_pool_max" {
description = "Max number connections in the database’s pool. CPUs * 4 is a good number"
default = 10
}
variable "science_intent_host" {
description = "url to science intent api"
variable "db_pool_timeout" {
description = "How many milliseconds until a DB connection times out"
default = 30000
}
variable "mtttt_host" {
description = "url to mtttt api"
variable "db_pool_idle" {
description = "How many milliseconds for an incoming connection to wait for a DB connection before getting kicked away"
default = 10000
}
variable "enable_mmgis_websockets" {
description = "enables websockets so that clients can immediately respond to backend configuration changes"
default = false
variable "csso_groups" {
description = "A list of CSSO LDAP groups that have access"
type = list(string)
default = []
}
variable "verbose_logging" {
description = "logs a bunch of extra stuff for development purposes"
default = false
}
variable "hide_config" {
description = "make the configure page inaccessible to everyone"
variable "frame_ancestors" {
description = "Sets the Content-Security-Policy: frame-ancestors header to allow the embedding of MMGIS in the specified external sites"
}
variable "frame_src" {
description = "Sets the Content-Security-Policy: frame-src header to allow the embedding iframes from external origins into MMGIS"
}
variable "third_party_cookies" {
description = "Sets 'SameSite=None; Secure' on the login cookie. Useful when using AUTH=local as an iframe within a cross-origin page."
default = false
}
variable "configconfig_path" {
description = "the path to a json file that sets up the configure page that overrides the database's recor"
variable "root_path" {
description = "Set MMGIS to be deployed under a subpath. For example if serving at the subpath ‘https://{domain}/path/where/I/serve/mmgis’ is desired, set ROOT_PATH=/path/where/I/serve/mmgis. If no subpath, leave blank."
default = ""
}
variable "websocket_root_path" {
description = "Overrides ROOT_PATH's use when the client connects via websocket. Websocket url: ${ws_protocol}://${window.location.host}${WEBSOCKET_ROOT_PATH || ROOT_PATH || ''}/"
default = ""
}
variable "clearance_number" {
description = "Sets a clearance number for the website"
default = "CL##-####"
}
variable "disable_link_shortener" {
description = "If true, users that use the 'Copy Link' feature will receive a full-length deep link. Writing new short links will be disabled but expanding existing ones will still work."
default = false
}
variable "hide_config" {
description = "make the configure page inaccessible to everyone"
default = false
}
variable "force_config_path" {
description = "the path to a json config file that acts as the only configured mission for the instance"
default = ""
Expand All @@ -103,4 +123,40 @@ variable "leads" {
description = "array of strings - default [] - when not using AUTH=csso, this is a list of usernames to be treated as leads (users with elevated permissions)"
type = list(string)
default = []
}
variable "enable_mmgis_websockets" {
description = "enables websockets so that clients can immediately respond to backend configuration changes"
default = false
}
variable "enable_config_websockets" {
description = "If true, notifications are sent to /configure users whenever the current mission's configuration object changes out from under them and then puts (overridable) limits on saving"
default = false
}
variable "enable_config_override" {
description = "For use when ENABLE_CONFIG_WEBSOCKETS=true (if ENABLE_CONFIG_WEBSOCKETS=false, all saves will freely overwrite already). If true, gives /configure users the ability to override changes made to the configuration while they were working on it with their own."
default = false
}
variable "main_mission" {
description = "If the new MAIN_MISSION ENV is set to a valid mission, skip the landing page and go straight to that mission. Other missions will still be accessible by either forcing the landing page (clicking the top-left M logo) or by going to a link directly."
default = ""
}
variable "skip_client_initial_login" {
description = "If true, MMGIS will not auto-login returning users. This can be useful when login is managed someplace else. The initial login process can be manually triggered with mmgisAPI.initialLogin()"
default = false
}
variable "generate_sourcemap" {
description = "If true at build-time, JavaScript source maps will also be built"
default = false
}
variable "spice_scheduled_kernel_download" {
description = "If true, then at every other midnight, MMGIS will read /Missions/spice-kernels-conf.json and re/download all the specified kernels. See /Missions/spice-kernels-conf.example.json"
default = false
}
variable "spice_scheduled_kernel_download_on_start" {
description = "If true, then also triggers the kernel download when MMGIS starts"
default = false
}
variable "spice_scheduled_kernel_cron_expr" {
description = "A cron schedule expression for use in the node-schedule npm library"
default = "0 0 */2 * *"
}
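Review bot: `variable "auth"` prints two defaults, `"csso"` then `"none"`; if `"none"` is the new one (the +/- markers are lost here), a deployment that does not set `auth` comes up with authentication disabled, so removing the default to force an explicit choice, or adding a `validation` block listing the accepted modes, would be safer. `variable "secret"` and `variable "db_pass"` hold credentials but are not marked `sensitive = true`, so their values can show up in plan and apply output. `variable "port"` is declared here while terraform.tf reads `var.app_listening_port`, which may be declared outside the visible hunks; it is worth confirming the two are not meant to be the same variable. `frame_ancestors` and `frame_src` have no `default`, which makes them required inputs for every caller.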
