Previously the jwk set_keys was not pointing to any
data_center when it makes the call to set the keys.
This now will grab the configuration from consul of
the dc and set it as the data_center to put to.
ref PLAT-3361
Test Plan:
n/a
Change-Id: I70e3cfb52ba557543ad203c516739a18cae17c26
Reviewed-on: https://gerrit.instructure.com/159839
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
closes CNVS-35834
* allow specifying tree, service, and cluster for consul stuff
* check multiple consul keys for each setting (cluster, env, region, global)
test plan:
* an existing consul environment still works
Change-Id: I48e8fadeac2e140973bfc4b41c1cfb386532d15c
Reviewed-on: https://gerrit.instructure.com/125271
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Fixes: CNVS-35833
There is a lot more than just moving to Consul going on here. The whole
PrefixProxy business wouldn't be required for this change, but it will
be really useful as we move to adding cluster awareness.
Test Plan:
- Have MathMan running
- Update config/consul.yml to enable use_for_svg and
use_for_mml under the math-man init values key
- Start Canvas
- Build an equation with the rich content editor
- The equation should be rendered as usual.
Change-Id: I650527ebaecb6224c6ee6ba26346d27dee33b9d7
Reviewed-on: https://gerrit.instructure.com/111543
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
Fixes: CNVS-35832
Refs: CNVS-32864
This was super simple because of the change to using a hash for
configuring LiveEvents instead of a PluginSetting object
Change-Id: Ia34cb905e22a21c822f48b581e3e3cd4f7a738d3
Reviewed-on: https://gerrit.instructure.com/110193
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
Since some environments share a consul datacenter we need to be able to
differentiate configurations.
Fixes: CNVS-34341
Test Plan:
- Nothing uses this yet but we need to make sure we haven't broken JWT
secrets, the RCE, and Address Book.
Change-Id: I496a8f7d2cafd02c3177a28b348679e552965c0d
Reviewed-on: https://gerrit.instructure.com/99650
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
Also, make Consul container accessible from the host.
Fixes: CNVS-35831
Refs: CNVS-34341, CNVS-32864
Test Plan:
- Smoke test RCS and Canvas running together to make sure they still
play nice.
Change-Id: I418d54a176677b1df8ec42a009752807908a847c
Reviewed-on: https://gerrit.instructure.com/99443
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
fixes PLAT-2080 PLAT-2059 PLAT-2061
Test plan:
* Set up canvas
* To be able to talk to http://les.docker
* To use an encryption key and signing secret that are 32 bytes long
* Set up live events subscription service
* To use the same signing secret you used in canvas and a base64
encoded version of the encryption key you used in canvas
* Run docker-compose run --rm app npm run seed:dynamo and give it the
developer key you want to use for testing
* With the subscription service running open up a rails console in Canvas
and run the following:
ToolProxy = Struct.new("ToolProxy", :guid, :product_family)
Family = Struct.new("Family", :developer_key)
f = Family.new(<a developer key>)
tp = ToolProxy.new('hahahah', f)
res = Services::LiveEventsSubscriptionService.tool_proxy_subscriptions(tp)
* Ensure that you get a response back with the subscriptions for your
developer key
* Go through this process first with dynamic settings enabled and then
with consul enabled
Change-Id: I454d5a82d98ce1edb2bd9afd23cb974dc062e04f
Reviewed-on: https://gerrit.instructure.com/100072
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
This only applies for local development
An OPS ticket will need to be made for configuring production/beta
fixes PLAT-2079 PLAT-2064
Test plan:
* Run the following command
cp config/dynamic_settings.yml.example config/dynamic_settings.yml
* Open up a rails console and run
Canvas::DynamicSettings.from_cache('live-events-subscription-service', expires_in: 5.minutes)
* Ensure that a settings hash is returned with the url for a local,
dockerized subscription service
* Remove the config/dynamic_settings.yml
* Add config/consul.yml either by copying config/consul.yml.example or
docker-compose/config/consul.yml.example
* Configure docker compose to use consul
* Open up a rails console and run
Canvas::DynamicSettings.from_cache('live-events-subscription-service', expires_in: 5.minutes)
* Ensure that a settings hash is returned with the url for a local,
dockerized subscription service
Change-Id: I495cc73d914cbefd409fed5ec7ad6cebd0f8c200
Reviewed-on: https://gerrit.instructure.com/99797
Tested-by: Jenkins
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
closes CNVS-33090
test plan:
- start with a fresh dinghy and fresh canvas-lms repo
- follow Canvas Docker Installation Guide in the wiki
- after canvas-compose up , login to your account on your local setup
- navigate to Admin > ACCOUNT > Settings > Feature Options and turn on
"User Remote Version of Rich Content Editor..." options
- navigate to Dashboard , then navigate back to Admin > ACCOUNT > Settings
- rejoice that you do not get the "key length too short" CipherError
Change-Id: Ia4503fcfcafed00aab5616428d86fb41955d7ab3
Reviewed-on: https://gerrit.instructure.com/94383
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: brian kirkby <bkirkby@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
refs CNVS-31277
closes CNVS-31939
test-plan:
- configure your canvas to use an address book service instance that
has authentication enabled and has your data loaded
- configure your canvas to use the same secret as that service
- search for recipients on a new conversation in the inbox
- should find the recipients
- configure your canvas to use a different secret than that service
- search for recipients on a new conversation in the inbox
- search should come back empty, but gracefully so (no page error)
- error reports should show the request failed due to authentication
Change-Id: I3a5f1c4ddcbbf830c9e7b98f6c8a39d4fdc82461
Reviewed-on: https://gerrit.instructure.com/90399
Tested-by: Jenkins
Reviewed-by: Andrew Huff <ahuff@instructure.com>
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
closes CNVS-29869
refs CNVS-31303
adds an implementation of the AddressBook facade backed by an external
address book service. cleans up some implementation of the facade to
faciliate that.
intentionally punts on pagination through the service for right now.
that will be covered in a later commit addressing CNVS-31303.
test-plan:
- depends on having an address-book service that fulfills the expected
contract
- if using consul, add the host for your address-book service to
config/consul.yml (see config/consul.yml.example)
- if not using consul, add it to config/dynamic_settings.yml (see
config/dynamic_settings.yml.example)
- go to your canvas' /plugins/address-book and configure your account
to use the service implementation
- smoke test the inbox address book UI in canvas
Change-Id: I4e89bd7c2ac64b5a4902905cbdd37c8283f7adf5
Reviewed-on: https://gerrit.instructure.com/88431
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Jenkins
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
Change-Id: I8f233a319d65edeabf6d5bd4720a36d7f074e231
Reviewed-on: https://gerrit.instructure.com/78878
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
closes CNVS-26734
distributing env vars through production is harder
than updating a shared highly available store. We put this stuff
in consul now so it's easy to update everywhere at once.
also clean up webmock spec usage, it causes a lot of errors
because it's configuration seeps outside the specs it's currently used
in
TEST PLAN:
1) no production changes (does not touch app code)
2) clean install, clean config directory
3) copy docker-compose/config/ files to your config directory
4) you shouldn't be missing any config files when you start your
compose file up
5) Canvas::DynamicSettings.find("canvas") should give you a hash
with your secrets from the init values in your config file
6) ServicesJwt.signing_secret and ServicesJwt.encryption secret
should pull those same values
7) if you have env vars for ECOSYSTEM_KEY or ECOSYSTEM_SECRET, they
should be ignored
Change-Id: I3b3c1b19d6e2a05af3e6caa2e0af6c5d1dc6df66
Reviewed-on: https://gerrit.instructure.com/71559
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
refs CNVS-24816
create the feature flag and expose it in
the Eportfolios controller
Add a consul docker container to docker-compose.yml,
and a class for consuming settings in consul.
Also, add the ability to init config values
into consul from the consul.yml file
TEST PLAN:
1) edit your consul.yml to look kinda like this:
development:
host: consul
port: 8500
ssl: false
init_values:
rich-content-service:
app-host: rce.docker
cdn-host: rce.docker
2) go to edit an eportfolio as a logged in user
3) check in js console "ENV.RICH_CONTENT_SERVICE_ENABLED"
4) should be "true" or "false" depending on the feature
flag state for that user's root account
5) with the feature flag on, refresh and check the env
6) should have values in the env for
RICH_CONTENT_APP_HOST and RICH_CONTENT_CDN_HOST
Change-Id: Ic138e24416b2aadd965ce4811d3c56538de391bc
Reviewed-on: https://gerrit.instructure.com/66614
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
Marc Phillips