diff --git a/Jenkinsfile b/Jenkinsfile
index c408ece0..bb3c0595 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,6 +1,22 @@
 @Library(value='kids-first/aws-infra-jenkins-shared-libraries', changelog=false) _
-
-ecs_service_type_1 {
+ecs_service_type_1_standard {
 projectName = "kf-api-dataservice"
- agentLabel = "terraform-testing"
+ create_sns_topic = "1"
+ create_additional_internal_alb = "1"
+ internal_app = "false"
+ environments = "dev,qa,prd"
+ docker_image_type = "alpine"
+ entrypoint_command = "/app/bin/run.sh"
+ deploy_scripts_version = "master"
+ quick_deploy = "true"
+ external_config_repo = "false"
+ container_port = "80"
+ vcpu_container = "2048"
+ memory_container = "4096"
+ vcpu_task = "2048"
+ memory_task = "4096"
+ health_check_path = "/"
+ dependencies = "ecr"
+ friendly_dns_name = "dataservice"
+ additional_ssl_cert_domain_name = "*.kidsfirstdrc.org"
 }
diff --git a/config.py b/config.py
index d2b9b981..e986da2e 100644
--- a/config.py
+++ b/config.py
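Review bot: `deploy_scripts_version = "master"` appears to point the deployment at a moving branch, so rebuilding the same commit can run different deploy code over time. Pinning it to a tag or commit id would make `prd` deploys reproducible and narrow what a change to that branch can reach. The same block sets `internal_app = "false"`, `container_port = "80"` and a wildcard `additional_ssl_cert_domain_name`, which reads as a publicly reachable service; that is inferred from the parameter names only, since the shared library is not shown. A short comment above the block stating the intended exposure and where TLS terminates would let a reader check this, for example `// public service; TLS terminates at the load balancer, container listens on plain 80` (adjust to what the library actually does).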
@@ -59,57 +59,7 @@ class TestingConfig(Config):
 class ProductionConfig(Config):
- @staticmethod
- def init_app(app):
- import hvac
-
- vault_url = os.environ.get('VAULT_URL', 'https://vault:8200/')
- # Role to authenticate with
- vault_role = os.environ.get('VAULT_ROLE', 'DataserviceRole')
- # Paths for secrets in vault
- pg_secret = os.environ.get('DB_SECRET', 'secret/postgres')
- indexd_secret = os.environ.get('INDEXD_SECRET', 'secret/indexd')
- bucket_token = os.environ.get('BUCKET_SERVICE_TOKEN_SECRET', None)
- bucket_url = os.environ.get('BUCKET_SERVICE_URL_SECRET', None)
- # Retrieve secrets
- client = hvac.Client(url=vault_url)
- client.auth_iam(vault_role)
- pg_secrets = client.read(pg_secret)
- indexd_secrets = client.read(indexd_secret)
- bucket_token = client.read(bucket_token) if bucket_token else None
- bucket_url = client.read(bucket_url) if bucket_url else None
- client.logout()
-
- # Construct postgres connection string
- pg_user = pg_secrets['data']['user']
- pg_pass = pg_secrets['data']['password']
- connection_str = 'postgres://{}:{}@{}:{}/{}'.format(
- pg_user,
- pg_pass,
- Config.PG_HOST,
- Config.PG_PORT,
- Config.PG_NAME)
-
- app.config['SQLALCHEMY_DATABASE_URI'] = connection_str
-
- # Extract indexd auth
- app.config['INDEXD_USER'] = indexd_secrets['data']['user']
- app.config['INDEXD_PASS'] = indexd_secrets['data']['password']
-
- # Get the bucket service's token for auth
- if (bucket_token and
- 'data' in bucket_token and
- 'token' in bucket_token['data']):
- app.config['BUCKET_SERVICE_TOKEN'] = \
- bucket_token['data']['token']
-
- # Get the bucket service's url
- if (bucket_url and
- 'data' in bucket_url and
- 'invoke_url' in bucket_url['data']):
- # All environments use the /api stage in api gateway
- app.config['BUCKET_SERVICE_URL'] = \
- bucket_url['data']['invoke_url'] + 'api'
+ pass
 class UnixConfig(ProductionConfig):
diff --git a/requirements.txt b/requirements.txt
index 23613134..60d7779f 100644
--- a/requirements.txt
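Review bot: With `init_app` gone, `ProductionConfig` is a bare `pass`, and nothing in the hunk says where `SQLALCHEMY_DATABASE_URI`, `INDEXD_USER`/`INDEXD_PASS` and `BUCKET_SERVICE_TOKEN`/`BUCKET_SERVICE_URL` now come from in production. If the base `Config` (outside this hunk) reads them from the environment, replace `pass` with a docstring that says so, e.g. `"""Production settings; credentials are injected through the environment by the deployment, not fetched at startup."""`. It is also worth confirming that the application factory no longer calls `init_app` on the selected config class unless `Config` defines it. The service should refuse to start when a credential is missing rather than fall back to a development default. `UnixConfig` inherits from this class, so it is affected in the same way.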
+++ b/requirements.txt
@@ -19,8 +19,8 @@ flask-marshmallow==0.8.0
 marshmallow==2.16.0
 marshmallow-sqlalchemy==0.13.2
 psycopg2==2.7.3.2
--e git+https://github.com/dankolbman/hvac#egg=hvac
 webargs==5.3.0
 boto3==1.7.8
 botocore==1.10.8
 Jinja2==2.10
+requests==2.24.0
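Review bot: `requests==2.24.0` is pinned, but the packages it pulls in for TLS and URL handling (urllib3, certifi, idna, chardet) are not pinned in the visible lines, so the HTTP stack can still change between builds. If they are not listed earlier in the file, add explicit pins for them or install from a hash-locked file with `pip install --require-hashes`. If `requests` was previously provided only through the removed `hvac` entry, a comment above the new line naming the module that imports it would explain why it is now a direct dependency.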