Skip to content

Commit

Permalink
IDEA Release 3.1.2
Browse files Browse the repository at this point in the history
  • Loading branch information
cfsnate committed May 19, 2024
1 parent 94f55be commit 1fcabe6
Show file tree
Hide file tree
Showing 94 changed files with 1,111 additions and 769 deletions.
2 changes: 1 addition & 1 deletion IDEA_VERSION.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.1.1
3.1.2
47 changes: 0 additions & 47 deletions deployment/ecr/idea-administrator/Dockerfile

This file was deleted.

234 changes: 0 additions & 234 deletions deployment/integrated-digital-engineering-on-aws.template

This file was deleted.

2 changes: 1 addition & 1 deletion idea-admin-windows.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ function Verify-Command($type,$message,$command) {
$IDEADevMode = if ($Env:IDEA_DEV_MODE) {$Env:IDEA_DEV_MODE} else {""}
$VirtualEnv = if ($Env:VIRTUAL_ENV) {$Env:VIRTUAL_ENV} else {""}
$ScriptDir = $PSScriptRoot
$IDEARevision = if ($Env:IDEA_REVISION) {$Env:IDEA_REVISION} else {"v3.1.1"}
$IDEARevision = if ($Env:IDEA_REVISION) {$Env:IDEA_REVISION} else {"v3.1.2"}
$IDEADockerRepo = "public.ecr.aws/g8j8s8q8"
$DocumentationError = "https://ide-on-aws.com"
$AWSProfile = if ($Env:AWS_PROFILE) {$Env:AWS_PROFILE} else {"default"}
Expand Down
12 changes: 6 additions & 6 deletions idea-admin.sh
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
# * IDEA_DEV_MODE - Set to "true" if you are working with IDEA sources

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
IDEA_REVISION=${IDEA_REVISION:-"v3.1.1"}
IDEA_REVISION=${IDEA_REVISION:-"v3.1.2"}
IDEA_DOCKER_REPO=${IDEA_DOCKER_REPO:-"public.ecr.aws/g8j8s8q8/idea-administrator"}
IDEA_ECR_CREDS_RESET=${IDEA_ECR_CREDS_RESET:-"true"}
IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER=${IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER:=""}
Expand Down Expand Up @@ -117,9 +117,9 @@ if [[ $? -ne 0 ]]; then
fi

# Launch installer
${DOCKER_BIN} run --rm -it -v ${HOME}/.idea/clusters:/root/.idea/clusters \
-e IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER=${IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER} \
-e IDEA_ADMIN_ENABLE_CDK_NAG_SCAN=${IDEA_ADMIN_ENABLE_CDK_NAG_SCAN} \
-v ~/.aws:/root/.aws ${IDEA_DOCKER_REPO}:${IDEA_REVISION} \
idea-admin ${@}
${DOCKER_BIN} run --rm -it -v "${HOME}/.idea/clusters:/root/.idea/clusters" \
-e IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER="${IDEA_ADMIN_AWS_CREDENTIAL_PROVIDER}" \
-e IDEA_ADMIN_ENABLE_CDK_NAG_SCAN="${IDEA_ADMIN_ENABLE_CDK_NAG_SCAN}" \
-v ~/.aws:/root/.aws "${IDEA_DOCKER_REPO}:${IDEA_REVISION}" \
idea-admin "${@}"

2 changes: 1 addition & 1 deletion requirements/idea-cluster-manager.in
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
-r idea-sdk.in
supervisor
sanic=22.3.2
sanic==22.3.2
python-ldap
ldappool
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ opensearch:
slow_index_log_enabled: true # Log Amazon OpenSearch Service audit logs to this log group
slow_search_log_enabled: true # Specify if slow search logging should be set up.
{%- endif %}
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt OpenSearch domain. If set to ~ encryption will be managed by the default AWS key
default_number_of_shards: 2
default_number_of_replicas: 1

Expand All @@ -25,3 +26,4 @@ opensearch:
kinesis:
shard_count: 2
stream_mode: PROVISIONED
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt Kinesis stream. If set to ~ encryption will be managed by the default AWS key
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,10 @@ network:
# https_proxy expected format is http://<hostname>:<port>
https_proxy: ""
no_proxy: "127.0.0.1,169.254.169.254,localhost,{{ aws_region }}.local,{{ aws_region }}.vpce.{{ aws_dns_suffix }},s3.{{ aws_region }}.{{ aws_dns_suffix }},s3.dualstack.{{ aws_region }}.{{ aws_dns_suffix }},dynamodb.{{ aws_region }}.{{ aws_dns_suffix }},{{ aws_region }}.es.{{ aws_dns_suffix }},sqs.{{ aws_region }}.{{ aws_dns_suffix }},ec2.{{ aws_region }}.{{ aws_dns_suffix }},secretsmanager.{{ aws_region }}.{{ aws_dns_suffix }},sns.{{ aws_region }}.{{ aws_dns_suffix }},cloudformation.{{ aws_region }}.{{ aws_dns_suffix }},elasticloadbalancing.{{ aws_region }}.{{ aws_dns_suffix }},monitoring.{{ aws_region }}.{{ aws_dns_suffix }},logs.{{ aws_region }}.{{ aws_dns_suffix }},ssm.{{ aws_region }}.{{ aws_dns_suffix }},application-autoscaling.{{ aws_region }}.{{ aws_dns_suffix }},events.{{ aws_region }}.{{ aws_dns_suffix }},kinesis.{{ aws_region }}.{{ aws_dns_suffix }},{{ aws_region }}.elb.{{ aws_dns_suffix }},autoscaling.{{ aws_region }}.{{ aws_dns_suffix }}"
{%- else %}
# https_proxy expected format is http://<hostname>:<port>
https_proxy: ""
no_proxy: "127.0.0.1,169.254.169.254,localhost,{{ aws_region }}.local,{{ aws_region }}.elb.{{ aws_dns_suffix }},{{ aws_region }}.es.{{ aws_dns_suffix }}"
{%- endif %}

# AWS Key Management Service
Expand All @@ -97,22 +101,27 @@ kms:

# Configure cluster-wide AWS Secrets Manager settings below
secretsmanager:
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt your Secret manager. If set to ~ encryption will be managed by the default AWS key
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt Secrets Manager secrets. If set to ~ encryption will be managed by the default AWS key

# Configure cluster-wide SQS settings below
# The customer managed key for Amazon SQS queues must have a policy statement that grants Amazon SNS service-principal access
# Consult the documentation at: https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic-sqs-queue-subscriptions.html
sqs:
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt SQS queues. If set to ~ encryption will be managed by the default AWS key

# Configure cluster-wide SNS settings below
sns:
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt SNS topic. If set to ~ encryption will be managed by the default AWS key
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt SNS topics. If set to ~ encryption will be managed by the default AWS key

# Configure cluster-wide DynamoDB settings below.
dynamodb:
# this configuration is not supported and used at the moment.
# customizations are required to enable DDB encryption at rest.
# Note: Dynamodb <cluster-name>.vdc.dcv-broker.* tables are encrypted with DynamoDB service key
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt DynamoDB tables. If set to ~ encryption will be managed by the default AWS key

# Configure cluster-wide EBS settings below
ebs:
kms_key_id: {{ kms_key_id if kms_key_id else '~' }} # Specify your own CMK to encrypt EBS volumes. If set to ~ encryption will be managed by the default AWS key

solution:
# Enable to disable IDEA Anonymous Metric Collection.
# Refer to def build_metrics() on source/idea/idea-scheduler/src/ideascheduler/app/provisioning/job_provisioner/cloudformation_stack_builder.py for a list of metric being sent
Expand Down Expand Up @@ -178,7 +187,7 @@ backups:
# existing backup vault is not supported.
backup_vault:

# Specify your own CMK to encrypt your Secret manager. If set to ~ encryption will be managed by the default AWS key
# Specify your own CMK to encrypt backup vault. If set to ~ encryption will be managed by the default AWS key
kms_key_id: {{ kms_key_id if kms_key_id else '~' }}

# The removal policy to apply to the vault.
Expand Down
Loading

0 comments on commit 1fcabe6

Please sign in to comment.