In the feature/commons branch, the installer will need to prompt for and/or generate:
. Prompt for AWS access key and secret
. Prompt for EMAIL_WHITELIST_NAME -- this is used by bouncer library. If the user does not specify it, then skip the following, otherwise ask for them.
. Prompt for a list of Google client ids to whitelist (optional).
. Generate a secret for encrypting/decrypting cookies.
. Prompt for a project name, to be used on the unauthorized page. DASH-22
. Prompt for a contact email address. DASH-22
All of the above settings should appear as environment variables for the dcc-dashboard in prod.yml and dev.yml.
Regarding the secret generation, it should probably be an option to either input or generate. This for the day when we allow more than one server to take traffic behind a load balancer.
Note that item 1 overlaps with TLP-422, although that one will set the properties for dcc-dashboard-service.
┆Issue is synchronized with this JIRA Story
┆Project Name: CGP-Deployment
┆Issue Number: DEP-21
┆Epic: Google authn for Boardwalk
In the feature/commons branch, the installer will need to prompt for and/or generate:
. Prompt for AWS access key and secret
. Prompt for EMAIL_WHITELIST_NAME -- this is used by bouncer library. If the user does not specify it, then skip the following, otherwise ask for them.
. Prompt for a list of Google client ids to whitelist (optional).
. Generate a secret for encrypting/decrypting cookies.
. Prompt for a project name, to be used on the unauthorized page. DASH-22
. Prompt for a contact email address. DASH-22
All of the above settings should appear as environment variables for the dcc-dashboard in prod.yml and dev.yml.
For the first item, see https://github.com/DataBiosphere/cgp-deployment/blob/develop/boardwalk/prod.yml#L48. For Redwood, we prompted for AWS keys, but had removed the functionality, so we mainly just need to copy it back in. This will also entail updating the dev.yml, install_bootstrap, and boardwalk.config.template.
Regarding the secret generation, it should probably be an option to either input or generate. This for the day when we allow more than one server to take traffic behind a load balancer.
Note that item 1 overlaps with TLP-422, although that one will set the properties for dcc-dashboard-service.
┆Issue is synchronized with this JIRA Story ┆Project Name: CGP-Deployment ┆Issue Number: DEP-21 ┆Epic: Google authn for Boardwalk