-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates made on NSIDC Fork #193
Changes from 6 commits
ce00426
c6aefc5
2d701be
eb4e829
5297e5d
129d284
ae98488
efbf367
67607f9
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -2,7 +2,7 @@ module "thin_egress_app" { | |||||
source = "s3::https://s3.amazonaws.com/asf.public.code/thin-egress-app/tea-terraform-build.1.3.5.zip" | ||||||
|
||||||
auth_base_url = var.urs_url | ||||||
bucket_map_file = local.bucket_map_key == null ? aws_s3_object.bucket_map_yaml.id : local.bucket_map_key | ||||||
bucket_map_file = local.bucket_map_key == null ? aws_s3_object.bucket_map_yaml[0].id : local.bucket_map_key | ||||||
bucketname_prefix = "" | ||||||
config_bucket = local.system_bucket | ||||||
cookie_domain = var.thin_egress_cookie_domain | ||||||
|
@@ -35,12 +35,14 @@ resource "aws_secretsmanager_secret" "thin_egress_urs_creds" { | |||||
resource "aws_secretsmanager_secret_version" "thin_egress_urs_creds" { | ||||||
secret_id = aws_secretsmanager_secret.thin_egress_urs_creds.id | ||||||
secret_string = jsonencode({ | ||||||
UrsId = var.urs_client_id | ||||||
UrsAuth = base64encode("${var.urs_client_id}:${var.urs_client_password}") | ||||||
UrsId = local.urs_tea_client_id | ||||||
UrsAuth = base64encode("${local.urs_tea_client_id}:${local.urs_tea_client_password}") | ||||||
}) | ||||||
} | ||||||
|
||||||
resource "aws_s3_object" "bucket_map_yaml" { | ||||||
# If bucket_map_key is set, we already have a bucket map on S3 and don't need to create one | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe clarify that it's coming from the daac module instead something like this:
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good call - updated on the next commit. |
||||||
count = local.bucket_map_key == null ? 1 : 0 | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. At ASF we just changed the key that the daac module uploads the bucket map to so that it doesn't conflict with the core bucket map and then we just ignore the core bucket map. But it's probably less confusing for core to just skip creating that extraneous bucket map all together. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I see - this makes sense and is good to know! |
||||||
bucket = local.system_bucket | ||||||
key = "${local.prefix}/thin-egress-app/${local.prefix}-bucket_map.yaml" | ||||||
content = templatefile("./thin-egress-app/bucket_map.yaml.tmpl", { | ||||||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -152,6 +152,16 @@ variable "urs_client_password" { | |
|
||
# Optional | ||
|
||
variable "urs_tea_client_id" { | ||
type = string | ||
default = null | ||
} | ||
|
||
variable "urs_tea_client_password" { | ||
type = string | ||
default = null | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could you explain to me the use case for having different URS clients for TEA and cumulus? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good question! This update predates my time at NSIDC, but I believe this is because the dashboard (corresponding to the urs_client_id/password) and the TEA (corresponding to the urs_tea_client_id/password) are two separate EDL applications that have different IDs and passwords. |
||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we move these down to where the other TEA variables are? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe add a description saying that they will default to the non-tea version of the variables? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good call - done in the next commit. |
||
variable "api_gateway_stage" { | ||
type = string | ||
default = "dev" | ||
|
@@ -356,6 +366,12 @@ variable "ecs_cluster_instance_docker_volume_size" { | |
default = 50 | ||
} | ||
|
||
variable "ecs_include_docker_cleanup_cronjob" { | ||
description = "*Experimental* flag to configure a cron to run fstrim on all active container root filesystems" | ||
type = bool | ||
default = false | ||
} | ||
|
||
variable "bucket_map" { | ||
type = map(object({ name = string, type = string })) | ||
default = {} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great catch!