diff --git a/terraform/api.tf b/terraform/api.tf
index c736f5d..d62b479 100644
--- a/terraform/api.tf
+++ b/terraform/api.tf
@@ -1,12 +1,12 @@
 data "heroku_team" "dandi" {
- name = "dandi"
+ name = "sandbox-dandi"
 }
 module "api" {
 source = "girder/girder4/heroku"
 version = "0.13.0"
- project_slug = "dandi-api"
+ project_slug = "sandbox-dandi-api"
 heroku_team_name = data.heroku_team.dandi.name
 route53_zone_id = aws_route53_zone.dandi.zone_id
 subdomain_name = "api"
@@ -20,18 +20,18 @@ module "api" {
 heroku_web_dyno_quantity = 3
 heroku_worker_dyno_quantity = 1
- django_default_from_email = "admin@api.dandiarchive.org"
- django_cors_origin_whitelist = ["https://dandiarchive.org"]
- django_cors_origin_regex_whitelist = ["^https:\\/\\/[0-9a-z\\-]+--gui-dandiarchive-org\\.netlify\\.app$"]
+ django_default_from_email = "admin@api.sandbox-dandi.org"
+ django_cors_origin_whitelist = ["https://sandbox-dandi.org"]
+ django_cors_origin_regex_whitelist = ["^https:\\/\\/[0-9a-z\\-]+--gui-sandbox-dandi-org\\.netlify\\.app$"]
 additional_django_vars = {
 DJANGO_CONFIGURATION = "HerokuProductionConfiguration"
- DJANGO_DANDI_DANDISETS_BUCKET_NAME = module.sponsored_dandiset_bucket.bucket_name
+# DJANGO_DANDI_DANDISETS_BUCKET_NAME = module.sponsored_dandiset_bucket.bucket_name
 DJANGO_DANDI_DANDISETS_BUCKET_PREFIX = ""
- DJANGO_DANDI_DANDISETS_EMBARGO_BUCKET_NAME = module.sponsored_embargo_bucket.bucket_name
+# DJANGO_DANDI_DANDISETS_EMBARGO_BUCKET_NAME = module.sponsored_embargo_bucket.bucket_name
 DJANGO_DANDI_DANDISETS_EMBARGO_BUCKET_PREFIX = ""
- DJANGO_DANDI_DANDISETS_LOG_BUCKET_NAME = module.sponsored_dandiset_bucket.log_bucket_name
- DJANGO_DANDI_DANDISETS_EMBARGO_LOG_BUCKET_NAME = module.sponsored_embargo_bucket.log_bucket_name
+# DJANGO_DANDI_DANDISETS_LOG_BUCKET_NAME = module.sponsored_dandiset_bucket.log_bucket_name
+# DJANGO_DANDI_DANDISETS_EMBARGO_LOG_BUCKET_NAME = module.sponsored_embargo_bucket.log_bucket_name
 DJANGO_DANDI_DOI_API_URL = "https://api.datacite.org/dois"
 DJANGO_DANDI_DOI_API_USER = "dartlib.dandi"
 DJANGO_DANDI_DOI_API_PREFIX = "10.48324"
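Review bot: Commenting out the four `DJANGO_DANDI_DANDISETS_*BUCKET_NAME` entries leaves the API running under `DJANGO_CONFIGURATION = "HerokuProductionConfiguration"` with bucket prefixes but no bucket or log-bucket names. If the application requires those settings, which seems likely, the release will fail at startup or resolve storage from an unintended default. Define buckets owned by this account with `./modules/dandiset_bucket` and reference their outputs here, e.g. `DJANGO_DANDI_DANDISETS_BUCKET_NAME = module.<sandbox_bucket_module>.bucket_name` (placeholder name). Separately, the unchanged context still targets `https://api.datacite.org/dois` with user `dartlib.dandi` and prefix `10.48324`; if the matching password is also supplied, the sandbox would act on the upstream DOI prefix, so these want sandbox-specific values or a test endpoint. The `module "api"` block starts and ends outside this hunk.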
@@ -40,8 +40,8 @@ module "api" {
 DJANGO_SENTRY_ENVIRONMENT = "production"
 DJANGO_CELERY_WORKER_CONCURRENCY = "4"
 DJANGO_DANDI_WEB_APP_URL = "https://dandiarchive.org"
- DJANGO_DANDI_API_URL = "https://api.dandiarchive.org"
- DJANGO_DANDI_JUPYTERHUB_URL = "https://hub.dandiarchive.org/"
+ DJANGO_DANDI_API_URL = "https://api.sandbox-dandi.org"
+ DJANGO_DANDI_JUPYTERHUB_URL = "https://hub.sandbox-dandi.org/"
 DJANGO_DANDI_DEV_EMAIL = var.dev_email
 }
 additional_sensitive_django_vars = {
diff --git a/terraform/domain.tf b/terraform/domain.tf
index ec97f97..f199218 100644
--- a/terraform/domain.tf
+++ b/terraform/domain.tf
@@ -1,5 +1,5 @@
 resource "aws_route53_zone" "dandi" {
- name = "dandiarchive.org"
+ name = "sandbox-dandi.org"
 }
 resource "aws_route53_record" "acm_validation" {
@@ -23,7 +23,7 @@ resource "aws_route53_record" "gui-staging" {
 name = "gui-staging"
 type = "CNAME"
 ttl = "300"
- records = ["gui-staging-dandiarchive-org.netlify.com"]
+ records = ["gui-staging-sandbox-dandi-org.netlify.com"]
 }
 resource "aws_route53_record" "www" {
@@ -31,7 +31,7 @@ resource "aws_route53_record" "www" {
 name = "www"
 type = "CNAME"
 ttl = "300"
- records = ["dandi.github.io"]
+ records = ["sandbox-dandi.github.io"]
 }
 resource "aws_route53_record" "email" {
diff --git a/terraform/main.tf b/terraform/main.tf
index 577673e..77a7f96 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,9 +1,9 @@
 terraform {
 backend "remote" {
- organization = "dandi"
+ organization = "sandbox-dandi"
 workspaces {
- name = "dandi-prod"
+ name = "sandbox-dandi-prod"
 }
 }
 }
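Review bot: `DJANGO_DANDI_WEB_APP_URL` is left at `https://dandiarchive.org` while the API and JupyterHub URLs directly below it move to `sandbox-dandi.org`. Anything the API builds from that setting (presumably user-facing links and redirects) will keep pointing at the upstream site, even though the CORS whitelist in the same module now allows `https://sandbox-dandi.org`. Change it in the same commit: `DJANGO_DANDI_WEB_APP_URL = "https://sandbox-dandi.org"`. `DJANGO_SENTRY_ENVIRONMENT = "production"` is also carried over unchanged; confirm that is the intended label for events from this deployment. The `additional_django_vars` map begins outside this hunk.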
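Review bot: The new `gui-staging` CNAME target `gui-staging-sandbox-dandi-org.netlify.com` is a name on a shared hosting platform, and nothing in this diff shows that the matching site already exists under an account the team controls. A record that resolves to an unclaimed site name can be served by whoever registers that name first. The same applies to `sandbox-dandi.github.io` in the `www` hunk below and to `redirect-sandbox-dandi-org.netlify.com` in terraform/redirector.tf, and the CORS regexes in api.tf and staging_pipeline.tf trust every `--gui-sandbox-dandi-org` / `--gui-staging-sandbox-dandi-org` deploy on `netlify.app` on the same ownership assumption. Create and verify those sites and the GitHub Pages organisation before applying, and record the precondition next to each record, for example `# target site must already exist in the team's Netlify account before apply`.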
@@ -11,24 +11,24 @@ terraform {
 // This is the "project" account, the primary account with most resources
 provider "aws" {
 region = "us-east-2"
- allowed_account_ids = ["278212569472"]
+ allowed_account_ids = ["590183813759"]
 # Must set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY envvars
 }
 // The "sponsored" account, the Amazon-sponsored account with the public bucket
-provider "aws" {
- alias = "sponsored"
- region = "us-east-2"
- allowed_account_ids = ["769362853226"]
-
- // This will authenticate using credentials from the project account, then assume the
- // "dandi-infrastructure" role from the sponsored account to manage resources there
- assume_role {
- role_arn = "arn:aws:iam::769362853226:role/dandi-infrastructure"
- }
-
- # Must set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY envvars for project account
-}
+# provider "aws" {
+# alias = "sponsored"
+# region = "us-east-2"
+# allowed_account_ids = ["769362853226"]
+#
+# // This will authenticate using credentials from the project account, then assume the
+# // "dandi-infrastructure" role from the sponsored account to manage resources there
+# assume_role {
+# role_arn = "arn:aws:iam::769362853226:role/dandi-infrastructure"
+# }
+#
+# # Must set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY envvars for project account
+# }
 provider "heroku" {
 # Must set HEROKU_EMAIL, HEROKU_API_KEY envvars
@@ -42,10 +42,10 @@ data "aws_canonical_user_id" "project_account" {}
 data "aws_caller_identity" "project_account" {}
-data "aws_canonical_user_id" "sponsored_account" {
- provider = aws.sponsored
-}
-
-data "aws_caller_identity" "sponsored_account" {
- provider = aws.sponsored
-}
+# data "aws_canonical_user_id" "sponsored_account" {
+# provider = aws.sponsored
+# }
+#
+# data "aws_caller_identity" "sponsored_account" {
+# provider = aws.sponsored
+# }
diff --git a/terraform/redirector.tf b/terraform/redirector.tf
index 09bb45f..51a367c 100644
--- a/terraform/redirector.tf
+++ b/terraform/redirector.tf
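Review bot: The `aws.sponsored` provider is disabled by prefixing every line with `#` rather than being removed. That keeps the upstream account ID `769362853226` and the `dandi-infrastructure` role ARN in the file as dead text, and leaves the context comment `// The "sponsored" account, ...` describing a provider that no longer exists. Delete the block, since version control keeps the history, and replace the stale comment with something like `// Sponsored account is not used by the sandbox deployment`. The same comment-out pattern is used for the two `sponsored_account` data sources in the next hunk and for the whole of terraform/sponsored_bucket.tf, terraform/sponsored_iam.tf and terraform/webdav.tf. Any reference to `aws.sponsored` or `module.sponsored_*` in files outside this diff will now fail at plan time, so search for those before merging.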
@@ -4,5 +4,5 @@ resource "aws_route53_record" "redirector" {
 name = "gui"
 type = "CNAME"
 ttl = "300"
- records = ["redirect-dandiarchive-org.netlify.com"]
+ records = ["redirect-sandbox-dandi-org.netlify.com"]
 }
diff --git a/terraform/sentry.tf b/terraform/sentry.tf
index dbbb251..4ce8f0e 100644
--- a/terraform/sentry.tf
+++ b/terraform/sentry.tf
@@ -1,15 +1,15 @@
 data "sentry_organization" "this" {
- slug = "dandiarchive"
+ slug = "sandbox-dandi"
 }
 data "sentry_team" "this" {
 organization = data.sentry_organization.this.id
- slug = "dandidevs"
+ slug = "sandbox-dandi-devs"
 }
 data "sentry_project" "this" {
 organization = data.sentry_organization.this.id
- slug = "dandi-api"
+ slug = "sandbox-dandi-api"
 }
 data "sentry_key" "this" {
diff --git a/terraform/sponsored_bucket.tf b/terraform/sponsored_bucket.tf
index a1d32ce..838c4e8 100644
--- a/terraform/sponsored_bucket.tf
+++ b/terraform/sponsored_bucket.tf
@@ -1,27 +1,27 @@
-module "sponsored_dandiset_bucket" {
- source = "./modules/dandiset_bucket"
- bucket_name = "dandiarchive"
- public = true
- versioning = true
- trailing_delete = false
- allow_cross_account_heroku_put_object = true
- heroku_user = data.aws_iam_user.api
- log_bucket_name = "dandiarchive-logs"
- providers = {
- aws = aws.sponsored
- aws.project = aws
- }
-}
-
-module "sponsored_embargo_bucket" {
- source = "./modules/dandiset_bucket"
- bucket_name = "dandiarchive-embargo"
- versioning = false
- trailing_delete = false
- heroku_user = data.aws_iam_user.api
- log_bucket_name = "dandiarchive-embargo-logs"
- providers = {
- aws = aws.sponsored
- aws.project = aws
- }
-}
+# module "sponsored_dandiset_bucket" {
+# source = "./modules/dandiset_bucket"
+# bucket_name = "dandiarchive"
+# public = true
+# versioning = true
+# trailing_delete = false
+# allow_cross_account_heroku_put_object = true
+# heroku_user = data.aws_iam_user.api
+# log_bucket_name = "dandiarchive-logs"
+# providers = {
+# aws = aws.sponsored
+# aws.project = aws
+# }
+# }
+#
+# module "sponsored_embargo_bucket" {
+# source = "./modules/dandiset_bucket"
+# bucket_name = "dandiarchive-embargo"
+# versioning = false
+# trailing_delete = false
+# heroku_user = data.aws_iam_user.api
+# log_bucket_name = "dandiarchive-embargo-logs"
+# providers = {
+# aws = aws.sponsored
+# aws.project = aws
+# }
+# }
diff --git a/terraform/sponsored_iam.tf b/terraform/sponsored_iam.tf
index 1339be1..46d87bd 100644
--- a/terraform/sponsored_iam.tf
+++ b/terraform/sponsored_iam.tf
@@ -1,44 +1,44 @@
-resource "aws_iam_group" "sponsored_writers" {
- provider = aws.sponsored
-
- name = "writers"
-}
-
-resource "aws_iam_group_policy" "sponsored_writers" {
- provider = aws.sponsored
-
- name = "bucket-write"
- group = aws_iam_group.sponsored_writers.name
- policy = data.aws_iam_policy_document.sponsored_writers.json
-}
-
-data "aws_iam_policy_document" "sponsored_writers" {
- version = "2012-10-17"
- statement {
- sid = "VisualEditor0"
- actions = [
- "s3:DeleteObjectTagging",
- "s3:ListBucketByTags",
- "s3:ListBucketMultipartUploads",
- "s3:GetBucketTagging",
- "s3:ListBucketVersions",
- "s3:PutObjectVersionTagging",
- "s3:ListBucket",
- "s3:DeleteObjectVersionTagging",
- "s3:GetBucketVersioning",
- "s3:GetObjectVersionTorrent",
- "s3:PutObject",
- "s3:GetObject",
- "s3:PutBucketTagging",
- "s3:GetObjectTagging",
- "s3:PutObjectTagging",
- "s3:DeleteObject",
- "s3:GetBucketLocation",
- "s3:GetObjectVersion",
- ]
- resources = [
- "${module.sponsored_dandiset_bucket.bucket_arn}/*",
- module.sponsored_dandiset_bucket.bucket_arn,
- ]
- }
-}
+# resource "aws_iam_group" "sponsored_writers" {
+# provider = aws.sponsored
+#
+# name = "writers"
+# }
+#
+# resource "aws_iam_group_policy" "sponsored_writers" {
+# provider = aws.sponsored
+#
+# name = "bucket-write"
+# group = aws_iam_group.sponsored_writers.name
+# policy = data.aws_iam_policy_document.sponsored_writers.json
+# }
+#
+# data "aws_iam_policy_document" "sponsored_writers" {
+# version = "2012-10-17"
+# statement {
+# sid = "VisualEditor0"
+# actions = [
+# "s3:DeleteObjectTagging",
+# "s3:ListBucketByTags",
+# "s3:ListBucketMultipartUploads",
+# "s3:GetBucketTagging",
+# "s3:ListBucketVersions",
+# "s3:PutObjectVersionTagging",
+# "s3:ListBucket",
+# "s3:DeleteObjectVersionTagging",
+# "s3:GetBucketVersioning",
+# "s3:GetObjectVersionTorrent",
+# "s3:PutObject",
+# "s3:GetObject",
+# "s3:PutBucketTagging",
+# "s3:GetObjectTagging",
+# "s3:PutObjectTagging",
+# "s3:DeleteObject",
+# "s3:GetBucketLocation",
+# "s3:GetObjectVersion",
+# ]
+# resources = [
+# "${module.sponsored_dandiset_bucket.bucket_arn}/*",
+# module.sponsored_dandiset_bucket.bucket_arn,
+# ]
+# }
+# }
diff --git a/terraform/staging_bucket.tf b/terraform/staging_bucket.tf
index b6ceeea..ffaaf34 100644
--- a/terraform/staging_bucket.tf
+++ b/terraform/staging_bucket.tf
@@ -1,12 +1,12 @@
 module "staging_dandiset_bucket" {
 source = "./modules/dandiset_bucket"
- bucket_name = "dandi-api-staging-dandisets"
+ bucket_name = "sandbox-dandi-api-staging-dandisets"
 public = true
 versioning = true
 trailing_delete = true
 allow_heroku_put_object = true
 heroku_user = data.aws_iam_user.api_staging
- log_bucket_name = "dandi-api-staging-dandiset-logs"
+ log_bucket_name = "sandbox-dandi-api-staging-dandiset-logs"
 providers = {
 aws = aws
 aws.project = aws
@@ -15,11 +15,11 @@ module "staging_dandiset_bucket" {
 module "staging_embargo_bucket" {
 source = "./modules/dandiset_bucket"
- bucket_name = "dandi-api-staging-embargo-dandisets"
+ bucket_name = "sandbox-dandi-api-staging-embargo-dandisets"
 versioning = false
 trailing_delete = false
 heroku_user = data.aws_iam_user.api_staging
- log_bucket_name = "dandi-api-staging-embargo-dandisets-logs"
+ log_bucket_name = "sandbox-dandi-api-staging-embargo-dandisets-logs"
 providers = {
 aws = aws
 aws.project = aws
diff --git a/terraform/staging_pipeline.tf b/terraform/staging_pipeline.tf
index 8468157..89d30fe 100644
--- a/terraform/staging_pipeline.tf
+++ b/terraform/staging_pipeline.tf
@@ -5,7 +5,7 @@ module "api_staging" {
 source = "girder/girder4/heroku"
 version = "0.13.0"
- project_slug = "dandi-api-staging"
+ project_slug = "sandbox-dandi-api-staging"
 heroku_team_name = data.heroku_team.dandi.name
 route53_zone_id = aws_route53_zone.dandi.zone_id
 subdomain_name = "api-staging"
@@ -19,9 +19,9 @@ module "api_staging" {
 heroku_web_dyno_quantity = 1
 heroku_worker_dyno_quantity = 1
- django_default_from_email = "admin@api-staging.dandiarchive.org"
- django_cors_origin_whitelist = ["https://gui-staging.dandiarchive.org"]
- django_cors_origin_regex_whitelist = ["^https:\\/\\/[0-9a-z\\-]+--gui-staging-dandiarchive-org\\.netlify\\.app$"]
+ django_default_from_email = "admin@api-staging.sandbox-dandi.org"
+ django_cors_origin_whitelist = ["https://gui-staging.sandbox-dandi.org"]
+ django_cors_origin_regex_whitelist = ["^https:\\/\\/[0-9a-z\\-]+--gui-staging-sandbox-dandi-org\\.netlify\\.app$"]
 additional_django_vars = {
 DJANGO_CONFIGURATION = "HerokuStagingConfiguration"
@@ -38,9 +38,9 @@ module "api_staging" {
 DJANGO_SENTRY_DSN = data.sentry_key.this.dsn_public
 DJANGO_SENTRY_ENVIRONMENT = "staging"
 DJANGO_CELERY_WORKER_CONCURRENCY = "2"
- DJANGO_DANDI_WEB_APP_URL = "https://gui-staging.dandiarchive.org"
- DJANGO_DANDI_API_URL = "https://api-staging.dandiarchive.org"
- DJANGO_DANDI_JUPYTERHUB_URL = "https://hub.dandiarchive.org/"
+ DJANGO_DANDI_WEB_APP_URL = "https://gui-staging.sandbox-dandi.org"
+ DJANGO_DANDI_API_URL = "https://api-staging.sandbox-dandi.org"
+ DJANGO_DANDI_JUPYTERHUB_URL = "https://hub.sandbox-dandi.org/"
 DJANGO_DANDI_DEV_EMAIL = var.dev_email
 }
 additional_sensitive_django_vars = {
diff --git a/terraform/webdav.tf b/terraform/webdav.tf
index 50ec09e..b4dfbc2 100644
--- a/terraform/webdav.tf
+++ b/terraform/webdav.tf
@@ -1,36 +1,36 @@
-resource "heroku_app" "webdav" {
- name = "dandidav"
- region = "us"
- acm = true
-
- organization {
- name = data.heroku_team.dandi.name
- }
-
- buildpacks = [
- # The Rust application is compiled and pushed to Heroku via a GitHub Action, so
- # we don't need to specify a specific buildpack here. So, we just fall back to
- # the Heroku CLI buildpack as a default.
- "https://buildpack-registry.s3.amazonaws.com/buildpacks/heroku-community/cli.tgz"
- ]
-}
-
-resource "heroku_formation" "webdav_heroku_web" {
- app_id = heroku_app.webdav.id
- type = "web"
- size = "standard-2x"
- quantity = 1
-}
-
-resource "heroku_domain" "webdav" {
- app_id = heroku_app.webdav.id
- hostname = "webdav.dandiarchive.org"
-}
-
-resource "aws_route53_record" "heroku" {
- zone_id = aws_route53_zone.dandi.zone_id
- name = "webdav"
- type = "CNAME"
- ttl = "300"
- records = [heroku_domain.webdav.cname]
-}
+# resource "heroku_app" "webdav" {
+# name = "dandidav"
+# region = "us"
+# acm = true
+#
+# organization {
+# name = data.heroku_team.dandi.name
+# }
+#
+# buildpacks = [
+# # The Rust application is compiled and pushed to Heroku via a GitHub Action, so
+# # we don't need to specify a specific buildpack here. So, we just fall back to
+# # the Heroku CLI buildpack as a default.
+# "https://buildpack-registry.s3.amazonaws.com/buildpacks/heroku-community/cli.tgz"
+# ]
+# }
+#
+# resource "heroku_formation" "webdav_heroku_web" {
+# app_id = heroku_app.webdav.id
+# type = "web"
+# size = "standard-2x"
+# quantity = 1
+# }
+#
+# resource "heroku_domain" "webdav" {
+# app_id = heroku_app.webdav.id
+# hostname = "webdav.dandiarchive.org"
+# }
+#
+# resource "aws_route53_record" "heroku" {
+# zone_id = aws_route53_zone.dandi.zone_id
+# name = "webdav"
+# type = "CNAME"
+# ttl = "300"
+# records = [heroku_domain.webdav.cname]
+# }