From dab515abaf2ce73b1aa0925c9e7c31aec6a2fa21 Mon Sep 17 00:00:00 2001 From: Connor Barker Date: Thu, 5 Dec 2024 13:24:04 -0500 Subject: [PATCH 1/4] final helm chart --- terraform/gcp/envs/prod.tfvars | 17 ++++++++++- terraform/gcp/k8s/environments/dev.yaml | 3 +- terraform/gcp/k8s/environments/prod.yaml | 37 +++++++++++++++++++----- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/terraform/gcp/envs/prod.tfvars b/terraform/gcp/envs/prod.tfvars index e2ef9b57b8..8a6d000af8 100644 --- a/terraform/gcp/envs/prod.tfvars +++ b/terraform/gcp/envs/prod.tfvars @@ -7,7 +7,7 @@ dns_ttl = 300 admin_url = "juniper-cmi.org" environment = "prod" # note: automatically creates DNS records for these portals under the admin domain -portals = ["demo"] +portals = ["demo", "hearthive", "ourhealth", "trccproject", "gvasc"] admin_dnssec = "off" k8s_namespace = "juniper-prod" @@ -17,6 +17,21 @@ customer_urls = { url = "juniperdemostudy.org" dnssec = "off" } + + gvasc = { + url = "gvascstudy.org" + dnssec = "off" + } + + hearthive = { + url = "thehearthive.org" + dnssec = "off" + } + + ourhealth = { + url = "ourhealthstudy.org" + dnssec = "off" + } } slack_notification_channel = "projects/broad-juniper-prod/notificationChannels/9072110396476167224" diff --git a/terraform/gcp/k8s/environments/dev.yaml b/terraform/gcp/k8s/environments/dev.yaml index d77f35ce43..01563b3680 100644 --- a/terraform/gcp/k8s/environments/dev.yaml +++ b/terraform/gcp/k8s/environments/dev.yaml @@ -2,7 +2,8 @@ gcpProject: broad-juniper-dev gcpRegion: us-central1 adminUrl: juniper-cmi.dev deploymentZone: dev -appVersion: 1.4.63 +appVersion: 1.4.141 +enableMaintenanceMode: true replicas: 1 # "portals" adds certificates for each portal - both for the juniper-cmi.dev subdomains and the custom domain portals: diff --git a/terraform/gcp/k8s/environments/prod.yaml b/terraform/gcp/k8s/environments/prod.yaml index 85499a3e00..3ebb5d1071 100644 --- a/terraform/gcp/k8s/environments/prod.yaml 
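Review bot: The new `portals` list names `trccproject`, but neither this patch's prod.yaml `b2c.portals` (which configures `atcp`, `ourhealth`, `hearthive`, `gvasc`, `demo`) nor `customer_urls` mentions it, so it gets admin-domain DNS records and, per the prod.yaml comment, a certificate, with no B2C sign-in configuration behind it. Patch 2 rewrites this same line from the same base blob (`index e2ef9b57b8`) to `["demo", "atcp", "ourhealth", "hearthive", "rgp", "cmi"]`, dropping `gvasc` and `trccproject` and adding `rgp` and `cmi`, which have no prod.yaml B2C entries either; the two patches cannot both apply to that base and the intended final list is unclear. Settle on one list and keep it in step with prod.yaml's `b2c.portals`, e.g. `portals = ["demo", "atcp", "ourhealth", "hearthive", "gvasc"]` if patch 1's prod.yaml is the source of truth.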
+++ b/terraform/gcp/k8s/environments/prod.yaml @@ -2,6 +2,8 @@ gcpProject: broad-juniper-prod gcpRegion: us-central1 adminUrl: juniper-cmi.org deploymentZone: prod +appVersion: 1.4.138 +enableMaintenanceMode: true replicas: 3 # "portals" adds certificates for each portal - both for the admin subdomains and the custom domain portals: @@ -9,13 +11,32 @@ portals: customDomain: juniperdemostudy.org b2c: admin: - clientId: 705c09dc-5cca-43d3-ae06-07de78bad29a - tenantName: ddpdevb2c - policyName: B2C_1A_ddp_admin_signup_signin_dev + clientId: f02b3816-af49-4a78-a2a5-b929c78a6c47 + tenantName: broadjuniperadmin + policyName: B2C_1A_ddp_admin_signup_signin_admin-prod portals: + ourhealth: + tenantName: ourhealthstudy + clientId: 810055b4-eafc-488e-bc9c-eaa8dd759685 + policyName: B2C_1A_ddp_participant_signup_signin_ourhealth-prod + changePasswordPolicyName: B2C_1A_ddp_participant_change_password_ourhealth-prod + hearthive: + tenantName: hearthive + clientId: ede6cbb1-a2c3-44c0-9a8a-496d48d6f307 + policyName: B2C_1A_ddp_participant_signup_signin_hearthive-prod + changePasswordPolicyName: B2C_1A_ddp_participant_change_password_hearthive-prod + gvasc: + tenantName: gvascprod + clientId: 84192db4-8a68-4f9c-9bd0-b104a24f62f9 + policyName: B2C_1A_ddp_participant_signup_signin_gvasc-prod + changePasswordPolicyName: B2C_1A_ddp_participant_change_password_gvasc-prod + atcp: + tenantName: does-not-exist + clientId: does-not-exist + policyName: does-not-exist + changePasswordPolicyName: does-not-exist demo: - changePasswordPolicyName: B2C_1A_ddp_participant_change_password_demo-dev - clientId: 37d95cc4-7c71-465e-9fc2-66be9a54c202 - policyName: B2C_1A_ddp_participant_signup_signin_demo-dev - tenantName: juniperdemodev - + tenantName: juniperdemoprod + clientId: 895c5f41-5a84-4863-b34c-c84d297006e3 + policyName: B2C_1A_ddp_participant_signup_signin_demo-prod + changePasswordPolicyName: B2C_1A_ddp_participant_change_password_demo-prod 
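Review bot: `enableMaintenanceMode: true` is added to the prod values here and never removed later in the series (patch 3 removes it only from dev.yaml, patch 4 removes only `appVersion`), so merging the branch as-is puts production into maintenance mode. If that is intended for the cutover, say so above the key, `# temporarily true for the B2C tenant cutover; remove once complete`; otherwise drop the line. Minor: `appVersion: 1.4.138` parses as a string only because it has two dots; version values are conventionally quoted (`"1.4.138"`) so a future two-part value is not read as a float, though this is moot if patch 4's removal stands.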
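Review bot: The `atcp` entry under `b2c.portals` is added to prod with `does-not-exist` for tenant, client id and both policy names; patch 2 replaces the same placeholders in dev.yaml with real values, but prod keeps them. A placeholder identity-provider entry in production values is easy to mistake for a configured one, and `atcp` is also listed in patch 2's prod `portals`, so it will have a certificate and DNS but no working sign-in. Either leave `atcp` out of prod.yaml until the tenant exists or mark it, `# atcp: placeholder — no prod B2C tenant yet; sign-in for this portal is not expected to work`.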
From 8f6c185d6dd4b3067890b8bbe6c591f0d8751012 Mon Sep 17 00:00:00 2001 From: Devon Bush Date: Sun, 8 Dec 2024 22:23:09 -0500 Subject: [PATCH 2/4] [JN-1530] add mixpanel and airtable secret, sendgrid DNS --- terraform/gcp/dns_customer.tf | 23 ++++++ terraform/gcp/envs/dev.tfvars | 1 + terraform/gcp/envs/prod.tfvars | 75 ++++++++++++++++++- terraform/gcp/k8s/environments/dev.yaml | 8 +- .../gcp/k8s/templates/admin-deployment.yml | 4 + .../k8s/templates/participant-deployment.yml | 2 + terraform/gcp/secrets.tf | 21 ++++++ terraform/gcp/variables.tf | 6 ++ 8 files changed, 135 insertions(+), 5 deletions(-) diff --git a/terraform/gcp/dns_customer.tf b/terraform/gcp/dns_customer.tf index ebff6603d0..f1aafb1f36 100644 --- a/terraform/gcp/dns_customer.tf +++ b/terraform/gcp/dns_customer.tf @@ -72,3 +72,26 @@ resource "google_dns_record_set" "irb_portal_customer_url" { ttl = var.dns_ttl type = "CNAME" } + +resource "google_dns_record_set" "additional_customer_records" { + # for each customer, create a record for each additional record (e.g. sendgrid, dmarc, etc.) + for_each = { + for index, item in flatten([ + for customer_key, dns_config in var.customer_urls : [ + for dns_record in dns_config.additional_records : { + customer_key = customer_key + name = dns_record.name + type = dns_record.type + ttl = dns_record.ttl + value = dns_record.value + } + ] + ]) : index => item # for_each expects maps, so convert the list of objects to a map + } + + managed_zone = google_dns_managed_zone.customer_dns_zone[each.value.customer_key].name + name = each.value.name + type = each.value.type + rrdatas = [each.value.value] + ttl = each.value.ttl +} diff --git a/terraform/gcp/envs/dev.tfvars b/terraform/gcp/envs/dev.tfvars index afbfbd7ade..1ff39bf72f 100644 --- a/terraform/gcp/envs/dev.tfvars +++ b/terraform/gcp/envs/dev.tfvars @@ -14,6 +14,7 @@ customer_urls = { demo = { url = "juniperdemostudy.dev" dnssec = "off" + additional_records = [] } } 
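Review bot: `for_each` keys the new `additional_customer_records` instances by position in the flattened list (`index => item`), so adding or removing one record for one customer renumbers every record after it and the next apply destroys and recreates those DNS records across customers, including DKIM and DMARC records for unrelated domains. Key by a stable identity instead, `for item in flatten([...]) : "${item.customer_key}/${item.name}/${item.type}" => item`. Separately, `name = each.value.name` passes the relative labels used in prod.tfvars (`s1._domainkey`, `_dmarc`) straight through, whereas `google_dns_record_set` expects a fully qualified name with a trailing dot; the existing record sets in this file are outside the hunk, but the usual form is `name = "${each.value.name}.${var.customer_urls[each.value.customer_key].url}."`.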
diff --git a/terraform/gcp/envs/prod.tfvars b/terraform/gcp/envs/prod.tfvars index e2ef9b57b8..791e66cbee 100644 --- a/terraform/gcp/envs/prod.tfvars +++ b/terraform/gcp/envs/prod.tfvars @@ -7,7 +7,7 @@ dns_ttl = 300 admin_url = "juniper-cmi.org" environment = "prod" # note: automatically creates DNS records for these portals under the admin domain -portals = ["demo"] +portals = ["demo", "atcp", "ourhealth", "hearthive", "rgp", "cmi"] admin_dnssec = "off" k8s_namespace = "juniper-prod" @@ -16,6 +16,79 @@ customer_urls = { demo = { url = "juniperdemostudy.org" dnssec = "off" + additional_records = [] + } + hearthive = { + url = "thehearthive.org" + dnssec = "off" + additional_records = [ + { + name = "s1._domainkey" + type = "CNAME" + ttl = 3600 + value = "s1.domainkey.u33588015.wl016.sendgrid.net" + }, + { + name = "s2._domainkey" + type = "CNAME" + ttl = 3600 + value = "s2.domainkey.u33588015.wl016.sendgrid.net" + }, + { + name = "em6454" + type = "CNAME" + ttl = 3600 + value = "u33588015.wl016.sendgrid.net" + }, + { + name = "url9076" + type = "CNAME" + ttl = 3600 + value = "sendgrid.net" + }, + { + name = "_dmarc" + type = "TXT" + ttl = 3600 + value = "v=DMARC1; p=none;" + }, + { + name = "33588015" + type = "CNAME" + ttl = 3600 + value = "sendgrid.net" + } + ] + } + ourhealth = { + url = "ourhealthstudy.org" + dnssec = "off" + additional_records = [ + { + name = "s1._domainkey" + type = "CNAME" + ttl = 3600 + value = "s1.domainkey.u33588015.wl016.sendgrid.net." + }, + { + name = "s2._domainkey" + type = "CNAME" + ttl = 3600 + value = "s2.domainkey.u33588015.wl016.sendgrid.net." + }, + { + name = "em1287" + type = "CNAME" + ttl = 3600 + value = "u33588015.wl016.sendgrid.net." + }, + { + name = "em1800" + type = "CNAME" + ttl = 3600 + value = "u32431094.wl095.sendgrid.net." + } + ] } } diff --git a/terraform/gcp/k8s/environments/dev.yaml b/terraform/gcp/k8s/environments/dev.yaml index d77f35ce43..fdcd086f7c 100644 --- a/terraform/gcp/k8s/environments/dev.yaml 
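Review bot: The CNAME targets are inconsistent between the two customers: `hearthive` values have no trailing dot (`s1.domainkey.u33588015.wl016.sendgrid.net`) while `ourhealth` values do (`...sendgrid.net.`); Cloud DNS treats rrdatas as fully qualified only with the trailing dot, so one set should be normalised and the dotted form is the safe one. The `_dmarc` TXT value `v=DMARC1; p=none;` contains spaces and should be passed as a quoted string, `value = "\"v=DMARC1; p=none;\""`, or the provider may reject or split it; `p=none` without a `rua=` tag also means nothing is enforced and no aggregate reports arrive, so plan a move to `p=quarantine` with a `rua=` address once the DKIM selectors verify. Both customers point their DKIM selectors at the same SendGrid account id `u33588015`, which is plausible for one account but worth confirming against each domain's sender-authentication settings before publishing records that mail receivers will trust.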
+++ b/terraform/gcp/k8s/environments/dev.yaml @@ -20,10 +20,10 @@ b2c: policyName: B2C_1A_ddp_admin_signup_signin_dev portals: atcp: - changePasswordPolicyName: does-not-exist - clientId: does-not-exist - policyName: does-not-exist - tenantName: does-not-exist + changePasswordPolicyName: B2C_1A_ddp_participant_change_password_atcp-dev + clientId: 2408089d-2dc5-46f6-bfdd-cb0c8c4c13d1 + policyName: B2C_1A_ddp_participant_signup_signin_atcp-dev + tenantName: juniperatcpdev cmi: changePasswordPolicyName: B2C_1A_ddp_participant_change_password_cmi-dev clientId: 0cdfdafd-75fb-4e36-b6a2-c00e79c86bb0 diff --git a/terraform/gcp/k8s/templates/admin-deployment.yml b/terraform/gcp/k8s/templates/admin-deployment.yml index 807952439d..2cf0c17e18 100644 --- a/terraform/gcp/k8s/templates/admin-deployment.yml +++ b/terraform/gcp/k8s/templates/admin-deployment.yml @@ -139,6 +139,10 @@ spec: value: tdr-sa-creds - name: TDR_EXPORT_STORAGE_ACCOUNT_KEY_SECRET_ID value: tdr-storage-account-key + - name: MIXPANEL_TOKEN + value: mixpanel-token + - name: AIRTABLE_AUTH_TOKEN + value: airtable-auth-token resources: requests: # The proxy's memory use scales linearly with the number of active diff --git a/terraform/gcp/k8s/templates/participant-deployment.yml b/terraform/gcp/k8s/templates/participant-deployment.yml index a3597ffc79..6b4074c1ec 100644 --- a/terraform/gcp/k8s/templates/participant-deployment.yml +++ b/terraform/gcp/k8s/templates/participant-deployment.yml @@ -137,6 +137,8 @@ spec: value: tdr-sa-creds - name: TDR_EXPORT_STORAGE_ACCOUNT_KEY_SECRET_ID value: tdr-storage-account-key + - name: MIXPANEL_TOKEN + value: mixpanel-token resources: requests: memory: "2Gi" diff --git a/terraform/gcp/secrets.tf b/terraform/gcp/secrets.tf index 11dc1a490e..9fdd2c0e88 100644 --- a/terraform/gcp/secrets.tf +++ b/terraform/gcp/secrets.tf 
@@ -43,3 +43,24 @@ resource "google_secret_manager_secret" "smarty_auth_token" { auto {} } } + +resource "google_secret_manager_secret" "smarty_auth_token" { + secret_id = "smarty-auth-token" + replication { + auto {} + } +} + +resource "google_secret_manager_secret" "mixpanel_token" { + secret_id = "mixpanel-token" + replication { + auto {} + } +} + +resource "google_secret_manager_secret" "airtable_auth_token" { + secret_id = "airtable-auth-token" + replication { + auto {} + } +} diff --git a/terraform/gcp/variables.tf b/terraform/gcp/variables.tf index d5b0a7226d..b073738090 100644 --- a/terraform/gcp/variables.tf +++ b/terraform/gcp/variables.tf @@ -62,6 +62,12 @@ variable "customer_urls" { type = map(object({ url = string dnssec = string + additional_records = list(object({ + name = string + type = string + ttl = number + value = string + })) })) description = "Customer URLs" } From 25c0e52f5b5f6eebb08e81b8dab322d9a20aae49 Mon Sep 17 00:00:00 2001 From: Connor Barker Date: Mon, 9 Dec 2024 13:29:00 -0500 Subject: [PATCH 3/4] fix sm --- api-admin/src/main/resources/application-gcp.yml | 4 ++++ terraform/gcp/k8s/environments/dev.yaml | 3 +-- terraform/gcp/k8s/templates/admin-deployment.yml | 4 ++-- terraform/gcp/k8s/templates/participant-deployment.yml | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/api-admin/src/main/resources/application-gcp.yml b/api-admin/src/main/resources/application-gcp.yml index af811d09d9..b14e44eaac 100644 --- a/api-admin/src/main/resources/application-gcp.yml +++ b/api-admin/src/main/resources/application-gcp.yml @@ -16,6 +16,10 @@ env: addrValidation: smartyAuthId: ${sm://${SMARTY_AUTH_ID_SECRET_ID}} smartyAuthToken: ${sm://${SMARTY_AUTH_TOKEN_SECRET_ID}} + mixpanel: + token: ${sm://${MIXPANEL_TOKEN_SECRET_ID}} + airtable: + authToken: ${sm://${AIRTABLE_AUTH_TOKEN_SECRET_ID}} spring: cloud: gcp: 
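Review bot: The added `google_secret_manager_secret.smarty_auth_token` duplicates an existing resource of the same type and name: the hunk header `@@ -43,3 +43,24 @@ resource "google_secret_manager_secret" "smarty_auth_token" {` shows the context lines are the closing braces of an already declared `smarty_auth_token` block, and Terraform rejects a duplicate resource address at plan time. Drop the first of the three added blocks and keep `mixpanel_token` and `airtable_auth_token`; patch 3 ("fix sm") does not touch this file, so the duplicate survives the series. The new secrets are declared without IAM bindings, which matches the existing pattern as far as the hunk shows, but the workloads reading `mixpanel-token` and `airtable-auth-token` through `sm://` need `secretmanager.secretAccessor` on them — presumably granted elsewhere, confirm.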
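Review bot: `additional_records` is added as a required attribute of the `customer_urls` object type, which is why patch 2 has to write `additional_records = []` into dev.tfvars and the demo entry of prod.tfvars; any environment or customer that omits it now fails validation. If the pinned Terraform version is 1.3 or later, declaring it `additional_records = optional(list(object({ ... })), [])` keeps existing tfvars valid and lets the empty lists be removed. A `validation` block restricting `type` to the record types this module is meant to manage (the series shows only CNAME and TXT in use) would also catch typos before they reach the zone.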
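Review bot: The `mixpanel.token` and `airtable.authToken` placeholders are added only to api-admin's `application-gcp.yml`, while patch 3 also sets `MIXPANEL_TOKEN_SECRET_ID` on the participant deployment; if api-participant resolves secrets with the same `${sm://...}` convention, it needs a matching `mixpanel: token: ${sm://${MIXPANEL_TOKEN_SECRET_ID}}` entry in its own profile, otherwise that env var is unused there. Nothing in the series shows the participant side, so this is inferred from the deployment templates. The new lines follow the existing `smartyAuthToken` pattern, so resolution failures when the `*_SECRET_ID` env vars are unset are consistent with current practice rather than new.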
diff --git a/terraform/gcp/k8s/environments/dev.yaml b/terraform/gcp/k8s/environments/dev.yaml index cbb386a1a8..b6978bb47f 100644 --- a/terraform/gcp/k8s/environments/dev.yaml +++ b/terraform/gcp/k8s/environments/dev.yaml @@ -2,8 +2,7 @@ gcpProject: broad-juniper-dev gcpRegion: us-central1 adminUrl: juniper-cmi.dev deploymentZone: dev -appVersion: 1.4.141 -enableMaintenanceMode: true +appVersion: 1.4.142 replicas: 1 # "portals" adds certificates for each portal - both for the juniper-cmi.dev subdomains and the custom domain portals: diff --git a/terraform/gcp/k8s/templates/admin-deployment.yml b/terraform/gcp/k8s/templates/admin-deployment.yml index 2cf0c17e18..7bb05ddbdf 100644 --- a/terraform/gcp/k8s/templates/admin-deployment.yml +++ b/terraform/gcp/k8s/templates/admin-deployment.yml @@ -139,9 +139,9 @@ spec: value: tdr-sa-creds - name: TDR_EXPORT_STORAGE_ACCOUNT_KEY_SECRET_ID value: tdr-storage-account-key - - name: MIXPANEL_TOKEN + - name: MIXPANEL_TOKEN_SECRET_ID value: mixpanel-token - - name: AIRTABLE_AUTH_TOKEN + - name: AIRTABLE_AUTH_TOKEN_SECRET_ID value: airtable-auth-token resources: requests: diff --git a/terraform/gcp/k8s/templates/participant-deployment.yml b/terraform/gcp/k8s/templates/participant-deployment.yml index 6b4074c1ec..58f0b8d265 100644 --- a/terraform/gcp/k8s/templates/participant-deployment.yml +++ b/terraform/gcp/k8s/templates/participant-deployment.yml @@ -137,7 +137,7 @@ spec: value: tdr-sa-creds - name: TDR_EXPORT_STORAGE_ACCOUNT_KEY_SECRET_ID value: tdr-storage-account-key - - name: MIXPANEL_TOKEN + - name: MIXPANEL_TOKEN_SECRET_ID value: mixpanel-token resources: requests: From 27fa7499587397c0d5bc0b2a91db9000c6f6bce0 Mon Sep 17 00:00:00 2001 From: Connor Barker Date: Mon, 9 Dec 2024 13:31:07 -0500 Subject: [PATCH 4/4] remove appversion --- terraform/gcp/k8s/environments/dev.yaml | 1 - terraform/gcp/k8s/environments/prod.yaml | 1 - 2 files changed, 2 deletions(-) 
diff --git a/terraform/gcp/k8s/environments/dev.yaml b/terraform/gcp/k8s/environments/dev.yaml index b6978bb47f..8af6746847 100644 --- a/terraform/gcp/k8s/environments/dev.yaml +++ b/terraform/gcp/k8s/environments/dev.yaml @@ -2,7 +2,6 @@ gcpProject: broad-juniper-dev gcpRegion: us-central1 adminUrl: juniper-cmi.dev deploymentZone: dev -appVersion: 1.4.142 replicas: 1 # "portals" adds certificates for each portal - both for the juniper-cmi.dev subdomains and the custom domain portals: diff --git a/terraform/gcp/k8s/environments/prod.yaml b/terraform/gcp/k8s/environments/prod.yaml index 3ebb5d1071..86c0fedcb3 100644 --- a/terraform/gcp/k8s/environments/prod.yaml +++ b/terraform/gcp/k8s/environments/prod.yaml @@ -2,7 +2,6 @@ gcpProject: broad-juniper-prod gcpRegion: us-central1 adminUrl: juniper-cmi.org deploymentZone: prod -appVersion: 1.4.138 enableMaintenanceMode: true replicas: 3 # "portals" adds certificates for each portal - both for the admin subdomains and the custom domain