From ff8373600d859fbfc1978f751df8c6421b387f8c Mon Sep 17 00:00:00 2001
From: Alexey Bezhan
Date: Fri, 5 Jan 2018 14:27:17 +0000
Subject: [PATCH] Replace manifest services with lists of env variables

Removes bindings to user provided services for new application deployments and sets the expected environment variables to `null`. Listing variables in the manifest allows us to only inject secrets used by the app. `null` is not a valid value for a variable in a CloudFoundry manifest, so if any of the keys don't have a match in the credentials file `cf push` will return an error and stop the deployment.
---
 manifest-api-base.yml | 40 ++++++++++++++++++++++++++++------
 manifest-api-preview.yml | 7 ------
 manifest-api-staging.yml | 7 ------
 manifest-delivery-base.yml | 41 ++++++++++++++++++++++++++++-------
 manifest-delivery-preview.yml | 8 -------
 manifest-delivery-staging.yml | 8 -------
 6 files changed, 66 insertions(+), 45 deletions(-)
diff --git a/manifest-api-base.yml b/manifest-api-base.yml
index 9afb9f860..eea8d8459 100644
--- a/manifest-api-base.yml
+++ b/manifest-api-base.yml
@@ -3,19 +3,45 @@
 buildpack: python_buildpack
 command: scripts/run_app_paas.sh gunicorn -c /home/vcap/app/gunicorn_config.py --error-logfile /home/vcap/logs/gunicorn_error.log -w 5 -b 0.0.0.0:$PORT application
 services:
- - notify-aws
- - notify-config
 - notify-db
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 env:
 NOTIFY_APP_NAME: public-api
 CW_APP_NAME: api # required by cf run-task
 FLASK_APP: application.py
+
+ # Credentials variables
+ ADMIN_BASE_URL: null
+ ADMIN_CLIENT_SECRET: null
+ API_HOST_NAME: null
+ DANGEROUS_SALT: null
+ SECRET_KEY: null
+ ROUTE_SECRET_KEY_1: null
+ ROUTE_SECRET_KEY_2: null
+
+ PERFORMANCE_PLATFORM_ENDPOINTS: null
+
+ NOTIFICATION_QUEUE_PREFIX: null
+ AWS_ACCESS_KEY_ID: null
+ AWS_SECRET_ACCESS_KEY: null
+
+ STATSD_PREFIX: null
+
+ MMG_URL: null
+ MMG_API_KEY: null
+ MMG_INBOUND_SMS_AUTH: null
+ MMG_INBOUND_SMS_USERNAME: null
+
+ FIRETEXT_API_KEY: null
+ LOADTESTING_API_KEY: null
+ FIRETEXT_INBOUND_SMS_AUTH: null
+
+ REDIS_ENABLED: null
+ REDIS_URL: null
+
+ TEMPLATE_PREVIEW_API_HOST: null
+ TEMPLATE_PREVIEW_API_KEY: null
+
 instances: 1
 memory: 1G
diff --git a/manifest-api-preview.yml b/manifest-api-preview.yml
index 1e4174cb1..406b53cb5 100644
--- a/manifest-api-preview.yml
+++ b/manifest-api-preview.yml
@@ -3,14 +3,7 @@
 inherit: manifest-api-base.yml
 services:
- - notify-aws
- - notify-config
 - notify-db
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 - logit-ssl-syslog-drain
 routes:
diff --git a/manifest-api-staging.yml b/manifest-api-staging.yml
index 868d2853b..30304c2fd 100644
--- a/manifest-api-staging.yml
+++ b/manifest-api-staging.yml
@@ -2,14 +2,7 @@
 inherit: manifest-api-base.yml
 services:
- - notify-aws
- - notify-config
 - notify-db
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 - logit-ssl-syslog-drain
 routes:
diff --git a/manifest-delivery-base.yml b/manifest-delivery-base.yml
index 26a12ea0e..78cff9fa5 100644
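Review bot: The `# Credentials variables` comment in the `env:` block of manifest-api-base.yml does not say that the `null` values are a deliberate fail-closed sentinel, so a later edit that swaps one for `''` or a default would let the app start with an empty `SECRET_KEY` or `DANGEROUS_SALT`. I would spell it out in the file: `# Filled from the credentials file at deploy time; keep null so cf push rejects the manifest when a key is missing`. The guard also depends on the merge step, which is not visible in this patch, never rendering a missing key as an empty string or as the quoted string `'null'`, so a startup check in the app for the required secrets would be a useful second line of defence. Once rendered, the manifest presumably holds every secret in plaintext, so it should not be kept as a build artefact or echoed in CI logs.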
--- a/manifest-delivery-base.yml
+++ b/manifest-delivery-base.yml
@@ -4,18 +4,43 @@ buildpack: python_buildpack
 health-check-type: none
 no-route: true
 services:
- - notify-aws
- - notify-config
 - notify-db
- - notify-template-preview
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 instances: 1
 memory: 1G
+env:
+ # Credentials variables
+ ADMIN_BASE_URL: null
+ ADMIN_CLIENT_SECRET: null
+ API_HOST_NAME: null
+ DANGEROUS_SALT: null
+ SECRET_KEY: null
+ ROUTE_SECRET_KEY_1: null
+ ROUTE_SECRET_KEY_2: null
+
+ PERFORMANCE_PLATFORM_ENDPOINTS: null
+
+ NOTIFICATION_QUEUE_PREFIX: null
+ AWS_ACCESS_KEY_ID: null
+ AWS_SECRET_ACCESS_KEY: null
+
+ STATSD_PREFIX: null
+
+ MMG_URL: null
+ MMG_API_KEY: null
+ MMG_INBOUND_SMS_AUTH: null
+ MMG_INBOUND_SMS_USERNAME: null
+
+ FIRETEXT_API_KEY: null
+ LOADTESTING_API_KEY: null
+ FIRETEXT_INBOUND_SMS_AUTH: null
+
+ REDIS_ENABLED: null
+ REDIS_URL: null
+
+ TEMPLATE_PREVIEW_API_HOST: null
+ TEMPLATE_PREVIEW_API_KEY: null
+
 applications:
 - name: notify-delivery-celery-beat
 command: scripts/run_app_paas.sh celery -A run_celery.notify_celery beat --loglevel=INFO
diff --git a/manifest-delivery-preview.yml b/manifest-delivery-preview.yml
index 8de718214..f86d53582 100644
--- a/manifest-delivery-preview.yml
+++ b/manifest-delivery-preview.yml
@@ -3,15 +3,7 @@
 inherit: manifest-delivery-base.yml
 services:
- - notify-aws
- - notify-config
 - notify-db
- - notify-template-preview
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 - logit-ssl-syslog-drain
 memory: 1G
diff --git a/manifest-delivery-staging.yml b/manifest-delivery-staging.yml
index 7e7f37c0e..973b43a85 100644
--- a/manifest-delivery-staging.yml
+++ b/manifest-delivery-staging.yml
@@ -3,15 +3,7 @@
 inherit: manifest-delivery-base.yml
 services:
- - notify-aws
- - notify-config
 - notify-db
- - notify-template-preview
- - mmg
- - firetext
- - hosted-graphite
- - redis
- - performance-platform
 - logit-ssl-syslog-drain
 instances: 2
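Review bot: The `env:` block added to manifest-delivery-base.yml is the same 23-variable list as in manifest-api-base.yml, which works against the commit's stated aim of injecting only the secrets each app uses. These apps are declared `no-route: true`, so `ROUTE_SECRET_KEY_1`, `ROUTE_SECRET_KEY_2`, `MMG_INBOUND_SMS_AUTH`, `MMG_INBOUND_SMS_USERNAME` and `FIRETEXT_INBOUND_SMS_AUTH` look like candidates to drop here, assuming the Celery workers never handle inbound HTTP callbacks; that should be confirmed against the worker code. Because the block sits at the top level it is presumably inherited by every entry under `applications:`, which continues outside the hunk, so a per-application `env:` would narrow the exposure further.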