In `sh` on Alpine Linux in our Docker images, the newline characters in
the script were being interpreted as literals. This substitutes a
HEREDOC instead.
This applies configuration changes for the Flask app and adds changes to
the Dockerfile so that the build can make a CSP-specific JS bundle. It
adds `write_dotenv` script that creates the appropriate `.env` file for
the `parcel` bundler depending on how the `CSP` environment variable is
set.
- Configure K8s environment variables for Flask CSP usage
- Supply default CSP config setting to Flask app
- Declare the CSP arg in the Dockerfile
- Supply extra Docker build args to CD
- Fix top-level reference to boto3 in file_upload module
- Add back missing sample NGINX config for docker-compose build
- Applies our previous CSP namespacing pattern to the upload classes.
- Removes code and config for previous uploader implementation.
- Removes Attachment model's ability to upload files directly and
adjusts tests that expected that behavior.
- Don't write a CRL to the cache if the response code is above 399. (We
were getting HTML files as CRLs, d'oh).
- Fix a kwarg in the CRL logger (extras -> extra).
- Set Kubernetes clusters to log output as JSON.
Chose Elastic File Storage over EBS (Elastic Block Storage) because the
latter can only be mounted into a single node.
This adds the RBAC config and deployment for managing EFS mounts within
the cluster. Largely depends on this efs-provisioner config:
https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs
The config has been hard-copied into the repo and updated for future
reference. Note that the config requires an environment variable
substitution and cannot be applied directly to the cluster.
- Fix some python formatting and import issues
- Fix dockerfile to include sync-crls script
- Adjust sync-crls script to use paths and CLI tools available in the
Docker container
This adds a previous version of the CRL sync functionality back to the
repo, with some small adjustments. We now grab the CRLs directly from
their DISA URLs.
The CRL sync is handled by a kubernetes cronjob that sync the files to a
persistent volume that is mounted into each Flask app container.
