During recent smoke testing for work on #292, the PostToCmr lambda function began to fail on every invocation, with a 401 (Unauthorized) response from the CMR. After the CMR team indicated that there were no system-wide CMR issues, I asked Aaron if the certificate might have expired, and he confirmed that to be the case.
Aaron put in a request for a 2-year renewal of the certificate and received a new cert file and passcode.
To ease the process of updating this in the future, we want to enhance our scripts and Terraform files to make the process as simple as possible.
Acceptance criteria:
[x] There is a make command that can take a Launchpad certificate file (.pfx) and a passcode and update the relevant secret (cumulus-launchpad-pfx) and SSM parameter (/cumulus/shared/launchpad-passcode) in a given AWS account
[x] Terraform infrastructure code will update the S3 object in the "internal" bucket at <prefix>/crypto/launchpad.pfx upon deployment, when the value of the cumulus-launchpad-pfx secret has been updated.
[x] docs/TROUBLESHOOTING.md is updated to include a section on how to deal with PostToCmr always throwing 401 from CMR
[x] docs/OPERATING.md is updated to include instructions on how to use the new make command to update all environments, and how to trigger deployment to UAT and Prod
[x] Deployment of the above changes (upon merging of associated PR) results in a successful deployment to UAT
[x] Running a smoke test in UAT (after deployment) shows PostToCmr running successfully
[x] Manually approving deployment to Prod results in a successful deployment to Prod
[x] Running a smoke test in Prod (after deployment) shows PostToCmr running successfully
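One way the make target in the first acceptance criterion could update both values, as an added example that is not the project's own script. The function name, the LAUNCHPAD_PASSCODE environment variable, and storing the .pfx as SecretBinary are assumptions; the secret and parameter names are the ones listed above.

```shell
#!/bin/sh
# Added example, not the project's script. The secret and parameter names come
# from the issue; the function name and LAUNCHPAD_PASSCODE are assumptions.
# The target account is whichever AWS profile/credentials are active.

SECRET_ID="cumulus-launchpad-pfx"
PASSCODE_PARAM="/cumulus/shared/launchpad-passcode"

update_launchpad_cert() {
  pfx="$1"
  [ -r "$pfx" ] || { echo "cannot read certificate file: $pfx" >&2; return 2; }
  [ -n "${LAUNCHPAD_PASSCODE:-}" ] || { echo "LAUNCHPAD_PASSCODE is not set" >&2; return 2; }

  # Check that the passcode opens the .pfx before touching AWS, so a
  # mismatched certificate/passcode pair is never stored.
  openssl pkcs12 -in "$pfx" -passin env:LAUNCHPAD_PASSCODE -nokeys -noout 2>/dev/null \
    || { echo "passcode does not open $pfx; nothing was updated" >&2; return 3; }

  # Assumption: the secret holds the raw .pfx bytes as SecretBinary.
  aws secretsmanager put-secret-value --secret-id "$SECRET_ID" \
    --secret-binary "fileb://$pfx" >/dev/null || return 4

  # Hand the passcode over in a temp file (mktemp creates it 0600) so it
  # does not appear in the process list or shell history.
  passfile="$(mktemp)" || return 5
  printf '%s' "$LAUNCHPAD_PASSCODE" > "$passfile"
  aws ssm put-parameter --name "$PASSCODE_PARAM" --type SecureString \
    --overwrite --value "file://$passfile" >/dev/null
  rc=$?
  rm -f "$passfile"
  [ "$rc" -eq 0 ] || { echo "secret updated but passcode parameter was not" >&2; return 5; }
  echo "updated $SECRET_ID and $PASSCODE_PARAM"
}

# Run only when a certificate path is given, e.g. from a make target.
if [ "$#" -ge 1 ]; then update_launchpad_cert "$1"; fi
```

On OpenSSL 3, a .pfx encrypted with older algorithms may need `-legacy` added to the `openssl pkcs12` check, otherwise a valid pair is rejected.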