-
Notifications
You must be signed in to change notification settings - Fork 6
/
environment
192 lines (175 loc) · 9.19 KB
/
environment
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# HCA DSS environment variables
#
# Source this file in your bash shell using "source environment".
#
# The environment variables set in this file are appropriate for the
# HCA DSS development environment. Individual environment variable
# values are overridden when deployed, based on the deployment stage.
# That logic resides in {chalice,daemons}/build_deploy_config.sh.
# TODO: (akislyuk) document configuration ingestion order
# Resolve the location of this file and set DSS_HOME to the root
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
export DSS_HOME="$(cd -P "$(dirname "$SOURCE")" && pwd)"
EXPORT_ENV_VARS_TO_LAMBDA_ARRAY=(
API_DOMAIN_NAME
AUTH_URL
CHECKOUT_CACHE_CRITERIA
DSS_AUTHORIZED_DOMAINS
DSS_BLOB_PUBLIC_TTL_DAYS
DSS_BLOB_TTL_DAYS
DSS_BUNDLE_MANIFEST_INDEX_LIMIT
DSS_DEBUG
DSS_DEPLOYMENT_STAGE
DSS_EVENT_RELAY_NAME
DSS_GS_BUCKET
DSS_GS_CHECKOUT_BUCKET
DSS_NOTIFICATION_SENDER
DSS_NOTIFY_DELAYS
DSS_NOTIFY_TIMEOUT
DSS_NOTIFY_WORKERS
DSS_S3_BUCKET
DSS_S3_CHECKOUT_BUCKET
DSS_FLASHFLOOD_BUCKET
DSS_VERSION
DSS_XRAY_TRACE
DSS_AWS_FLASHFLOOD_PREFIX_READ
DSS_AWS_FLASHFLOOD_PREFIX_WRITE
DSS_GCP_FLASHFLOOD_PREFIX_READ
DSS_GCP_FLASHFLOOD_PREFIX_WRITE
GCP_PROJECT_NAME
GCP_DEFAULT_REGION
OIDC_AUDIENCE
OIDC_EMAIL_CLAIM
OIDC_GROUP_CLAIM
OPENID_PROVIDER
TOKENINFO_FUNC
)
set -a
EXPORT_ENV_VARS_TO_LAMBDA=${EXPORT_ENV_VARS_TO_LAMBDA_ARRAY[*]}
DSS_DEPLOYMENT_STAGE=dev
ADMIN_USER_EMAILS_SECRETS_NAME=admin_user_emails
AWS_DEFAULT_OUTPUT=json
AWS_DEFAULT_REGION=us-east-1
GCP_DEFAULT_REGION=us-central1
GCP_PROJECT_NAME=human-cell-atlas-travis-test
DSS_EVENT_RELAY_NAME=dss-gs-event-relay-
CHECKOUT_CACHE_CRITERIA='[{"type":"application/json","max_size":12314}]'
DSS_S3_BUCKET=org-humancellatlas-dss-dev
DSS_S3_BUCKET_TEST=org-hca-dss-test
DSS_S3_BUCKET_TEST_FIXTURES=org-hca-dss-test-fixtures
DSS_S3_BUCKET_INTEGRATION=org-humancellatlas-dss-integration
DSS_S3_BUCKET_STAGING=org-hca-dss-staging
DSS_S3_BUCKET_PROD=org-humancellatlas-dss-prod
DSS_S3_CHECKOUT_BUCKET=org-humancellatlas-dss-checkout-dev
DSS_S3_CHECKOUT_BUCKET_TEST=org-hca-dss-checkout-test
DSS_S3_CHECKOUT_BUCKET_TEST_USER=org-hca-dss-checkout-test-user # for tests w/non-dss managed user bucket (i.e. POST /bundles/{uuid}/checkout)
DSS_S3_CHECKOUT_BUCKET_UNWRITABLE=org-hca-dss-checkout-unwritable
DSS_S3_CHECKOUT_BUCKET_INTEGRATION=org-humancellatlas-dss-checkout-integration
DSS_S3_CHECKOUT_BUCKET_STAGING=org-hca-dss-checkout-staging
DSS_S3_CHECKOUT_BUCKET_PROD=org-humancellatlas-dss-checkout-prod
DSS_FLASHFLOOD_BUCKET=org-humancellatlas-dss-events-dev
DSS_FLASHFLOOD_BUCKET_INTEGRATION=org-humancellatlas-dss-events-integration
DSS_FLASHFLOOD_BUCKET_STAGING=org-humancellatlas-dss-events-staging
DSS_FLASHFLOOD_BUCKET_PROD=org-humancellatlas-dss-events-prod
DSS_GS_BUCKET=org-humancellatlas-dss-dev
DSS_GS_BUCKET_TEST=org-hca-dss-test
DSS_GS_BUCKET_TEST_FIXTURES=org-hca-dss-test-fixtures
DSS_GS_BUCKET_INTEGRATION=org-humancellatlas-dss-integration
DSS_GS_BUCKET_STAGING=org-hca-dss-staging
DSS_GS_BUCKET_PROD=org-humancellatlas-dss-prod
DSS_GS_CHECKOUT_BUCKET=org-humancellatlas-dss-checkout-dev
DSS_GS_CHECKOUT_BUCKET_TEST=org-hca-dss-checkout-test
DSS_GS_CHECKOUT_BUCKET_TEST_USER=org-hca-dss-checkout-test-user # for tests w/non-dss managed user bucket (i.e. POST /bundles/{uuid}/checkout)
DSS_GS_CHECKOUT_BUCKET_INTEGRATION=org-humancellatlas-dss-checkout-integration
DSS_GS_CHECKOUT_BUCKET_STAGING=org-hca-dss-checkout-staging
DSS_GS_CHECKOUT_BUCKET_PROD=org-humancellatlas-dss-checkout-prod
DSS_AWS_FLASHFLOOD_PREFIX_READ="aws"
DSS_AWS_FLASHFLOOD_PREFIX_WRITE="aws" # This can be a comma separated list
DSS_GCP_FLASHFLOOD_PREFIX_READ="gcp"
DSS_GCP_FLASHFLOOD_PREFIX_WRITE="gcp" # This can be a comma separated list
DSS_AWS_FLASHFLOOD_PREFIX_READ_INTEGRATION="aws"
DSS_AWS_FLASHFLOOD_PREFIX_WRITE_INTEGRATION="aws" # This can be a comma separated list
DSS_GCP_FLASHFLOOD_PREFIX_READ_INTEGRATION="gcp"
DSS_GCP_FLASHFLOOD_PREFIX_WRITE_INTEGRATION="gcp" # This can be a comma separated list
DSS_AWS_FLASHFLOOD_PREFIX_READ_STAGING="aws"
DSS_AWS_FLASHFLOOD_PREFIX_WRITE_STAGING="aws" # This can be a comma separated list
DSS_GCP_FLASHFLOOD_PREFIX_READ_STAGING="gcp"
DSS_GCP_FLASHFLOOD_PREFIX_WRITE_STAGING="gcp" # This can be a comma separated list
DSS_AWS_FLASHFLOOD_PREFIX_READ_PROD="aws"
DSS_AWS_FLASHFLOOD_PREFIX_WRITE_PROD="aws" # This can be a comma separated list
DSS_GCP_FLASHFLOOD_PREFIX_READ_PROD="gcp"
DSS_GCP_FLASHFLOOD_PREFIX_WRITE_PROD="gcp" # This can be a comma separated list
DSS_INFRA_TAG_PROJECT=dcp
DSS_INFRA_TAG_SERVICE=dss
DSS_NOTIFICATION_SENDER="DSS Notifier <[email protected]>"
ADMIN_USER_EMAILS=""
DCP_DOMAIN=${DSS_DEPLOYMENT_STAGE}.data.humancellatlas.org
API_DOMAIN_NAME="dss.${DCP_DOMAIN}"
TOKENINFO_FUNC=dss.util.security.verify_jwt
# TODO remove https://dev.data.humancellatlas.org/ from OIDC_AUDIENCE once seperate deployments are made
OIDC_AUDIENCE=https://dev.data.humancellatlas.org/,https://${DCP_DOMAIN}/
AUTH_URL=https://auth.testing.data.humancellatlas.org
OPENID_PROVIDER=https://humancellatlas.auth0.com/
OIDC_EMAIL_CLAIM=https://auth.data.humancellatlas.org/email
OIDC_GROUP_CLAIM=https://auth.data.humancellatlas.org/group
NOTIFY_URL=https://${API_DOMAIN_NAME}/internal/notify
DSS_AUTHORIZED_GOOGLE_PROJECT_DOMAIN_ARRAY=(
{human-cell-atlas-travis-test,broad-dsde-mint-{dev,test,staging}}.iam.gserviceaccount.com
)
DSS_AUTHORIZED_DOMAINS=${DSS_AUTHORIZED_GOOGLE_PROJECT_DOMAIN_ARRAY[*]}
DSS_AUTHORIZED_DOMAINS_TEST="human-cell-atlas-travis-test.iam.gserviceaccount.com"
DSS_ES_DOMAIN="dss-index-$DSS_DEPLOYMENT_STAGE"
DSS_ES_INSTANCE_TYPE="m4.large.elasticsearch"
DSS_ES_VOLUME_SIZE="35"
DSS_ES_INSTANCE_COUNT="2"
DSS_ES_DOMAIN_INDEX_LOGS_ENABLED="true"
ACM_CERTIFICATE_IDENTIFIER="3faaa1cf-1669-4f70-9615-fcf5447b1e22"
DSS_ZONE_NAME="dev.data.humancellatlas.org."
PYTHONWARNINGS=ignore:ResourceWarning,ignore::UserWarning:zipfile:
DSS_SECRETS_STORE="dcp/dss"
DSS_PARAMETER_STORE="dcp/dss"
EVENT_RELAY_AWS_USERNAME="dss-event-relay-${DSS_DEPLOYMENT_STAGE}"
EVENT_RELAY_AWS_ACCESS_KEY_SECRETS_NAME="event-relay-user-aws-access-key"
GOOGLE_APPLICATION_CREDENTIALS_SECRETS_NAME="gcp-credentials.json"
GOOGLE_APPLICATION_SECRETS_SECRETS_NAME="application_secrets.json"
ES_ALLOWED_SOURCE_IP_SECRETS_NAME="es_source_ip"
DSS_DEBUG=0
# (DSS_BLOB_TTL_DAYS - DSS_BLOB_PUBLIC_TTL_DAYS ) >= DSS_BLOB_PUBLIC_TTL_DAYS
DSS_BLOB_TTL_DAYS=14
DSS_BLOB_PUBLIC_TTL_DAYS=7
# `{account_id}`, if present, will be replaced with the account ID associated with the AWS credentials used for
# deployment. It can be safely omitted.
DSS_TERRAFORM_BACKEND_BUCKET_TEMPLATE="org-humancellatlas-dss-{account_id}-${DSS_DEPLOYMENT_STAGE}-terraform"
# Configure the delays between notification attempts. The first attempt is immediate. The second attempt is one
# minute later. Then ten minutes, one hour, and six hours in between. Then 24 hours minus all previous delays and
# lastly every 24 hours for six days. This is exponential initially and then levels off where exponential would be
# too infrequent. The last attempt is made seven days after the first one, which is easy to remember.
#
DSS_NOTIFY_DELAYS="0 60 600 3600 21600 60540 86400 86400 86400 86400 86400 86400"
DSS_NOTIFY_TIMEOUT=60 # This may seem excessive but the default of 10s is not enough for Green's Lira
# and would cause the notification to be retried, causing Lira to make a duplicate
# submission.
# Touch base with Lira (Saman and Rex currently) on this timeout once:
# - they have scale-tested their new queue component
# - all subscribers (not only Green Box) agree on the shorter timeout
# https://github.com/HumanCellAtlas/data-store/issues/2398
DSS_NOTIFY_WORKERS=24 # unset to automatically determine the number of workers
# Enables X-Ray profiling of daemons running in AWS Lambdas. A value of 0 disables profiling. A value >1 will enable
# profiling.
DSS_XRAY_TRACE=0
DSS_GCP_SERVICE_ACCOUNT_NAME="travis-test"
# This list manages the GCP Users and serviceAccounts able to access direct URLs on the GS checkout bucket.
# Other GCP entities must use presigned urls, or checkout to an external GS bucket they have access to.
DSS_CHECKOUT_BUCKET_OBJECT_VIEWERS="serviceAccount:[email protected],serviceAccount:[email protected],serviceAccount:caas-prod-account-for-dev@broad-dsde-mint-dev.iam.gserviceaccount.com,group:[email protected]"
AWS_SDK_LOAD_CONFIG=1 # Needed for Terraform to correctly use AWS assumed roles
# AWS managed elasticsearch limits us to 100mb files or it pipe fails, so
# bundles manifests exceeding this many files are not included in the index document.
# https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html#network-limits
# https://stackoverflow.com/questions/55541625/aws-elasticsearch-cluster-method-to-update-http-max-content-length
DSS_BUNDLE_MANIFEST_INDEX_LIMIT="20000"
set +a
if [[ -f "${DSS_HOME}/environment.local" ]]; then
source "${DSS_HOME}/environment.local"
fi