All mock reporting data was moved to a JSON file. The concept of
what JEDI CLIN a particular environment drew money from was added to the
data.
This change had a cascade effect to the reporting class methods,
templates, and Vue components that ingested that reporting data. Many of
these files were modified to adapt to these changes. This also included
modifying the obligated funding bar graphs to reflect new design
changes.
This does the following:
- Removes references to the atst-override.ini file, now deprecated.
- Adds all non-secret data that was managed in the override file to the
relevant K8s ConfigMaps.
- Adds additional documentation explaining out use of Key Vault for
secrets management.
The application now checks for an environment variable,
OVERRIDE_CONFIG_DIRECTORY. If that value is set, it loops all the files
in the specified directory and checks if their names correspond to known
configuration settings. The contents of any matching files are read and
set as the new configuration value for that setting. This will allow us
to read mounted Azure Key Vault items as config values.
This also moves the functionality for applying environment variables to
the config into an analogous function.
This adds an additional volume mount for Flask application secrets.
These will be mounted into the ATST container so that their values can
be read in as config.
These settings are used in the deployed instance and mentioned elsewhere
in the README, but were missing from the base INI file and the
Configuration Guide section of the README.
Eventually, this should replace the CircleCI config for running the
integration tests to avoid duplication. In the interest of time so that
I don't have to debug broken builds, I'm only adding it as a utility
script.
This updates the configuration handling for the Redis connection string.
The motivation is so that the Redis password can be managed separately
via Azure Key Vault and eventually be rotated independently of the rest
of the connection URI.
This also tweaks the method we use to build the DATABASE_URI and removes
some stale config from the CI config file.
The K8s CronJob that manages CRL syncing often leaves pods hanging
around for days at a time. This appears to happen when the download of a
particular CRL from DISA hangs for whatever reason. This updates the
configuration so that a running cronjob is automatically replaced by its
successor, rather than the two running concurrently. (The CRL CronJob
runs every hour, and it one has taken that long then it's hanging and
needs to be replace.) Similarly, this updates the config to only retain
one successful CRL pod, rather than the default of three.
Because of limitations with CircleCI, we should limit Ghost Inspector
tests to only run on merge commits to our protected branches. This will
allow us to build every commit in CI without exhausting our monthly
allotment of Ghost Inspector test runs. Once that setting has been
enabled in CircleCI ("build every commit") we will not longer have to
worry about what our default branch in the Github repo is.
FlexVol requires that you specify certificates as secrets in order to get both the certificate and private key in the appropriate format for nginx to consume. Additionally, flexvol shouldn't interfer with other secrets mounted in it's host directory.
