Configure app env vars and secrets #549
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Can safely ignore the anchore scan failure. That's due to the example app. I haven't figured out how to ignore the vuln checks only on the template and not when they copy the workflow to the project. |
coilysiren
approved these changes
Feb 7, 2024
|
Update, I have backfilled this into grants ^_^ |
coilysiren
added a commit
to HHS/simpler-grants-gov
that referenced
this pull request
Mar 22, 2024
…ts (#1516) ## Summary Relates to #784 Closes #1519 Copies navapbc/template-infra#549 ### Time to review: __10 mins__ ## Changes proposed - cherry picks platform infra template's pattern for passing in env vars and AWS SSM secrets - changes `ENABLE_V_0_1_ENDPOINTS` / `enable_v01_endpoints` to use the above pattern - _**does not yet**_ change any of our SSM secrets to use platform's pattern, I plan to do that in a follow-up PR ## Context for reviewers I created this PR via tactical copy-pasting from the https://github.com/navapbc/template-infra/ repo. The goal of this PR is to DRY our methods for setting environment variables. Notice on the red side of the diff, how I've removed the need to set `enable_v01_endpoints` so many times. Then notice on the green side of the diff, that I only need to set `ENABLE_V_0_1_ENDPOINTS` twice (for dev and staging). That's the goal of this PR, to pull in platform's very nice pattern for DRY'ing environment variables. ## Testing To test this, I added - then removed - the following block from `staging.tf` ```hcl service_override_extra_environment_variables = { ENABLE_V_0_1_ENDPOINTS = "true" } ``` I then deployed to staging to see the difference. It worked as intended.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ticket
Resolves #535 and #310
Changes
Add functionality for applications to:
Context for reviewers
This adds the ability for applications to define custom env vars and secrets
Deploying
platform-test-flask needs some manual changes since currently there are custom changes to infra/app/service/main.tf to define the API key
Testing
Developed and tested in platform-test in this PR navapbc/platform-test#85