Skip to content
GitLab
Commit 0e14b062 authored by Rucha Deshpande's avatar Rucha Deshpande
Browse files

Merge branch 'feat/aws-server-fix' into 'master' 

Feat/aws server fix

See merge request !41
parents de6f5813 47f7825e
Pipeline #32280 passed with stages
in 10 minutes and 58 seconds
Hide whitespace changes
Inline Side-by-side
.gitignore
View file @ 0e14b062
......@@ -29,5 +29,8 @@ keys
# newman junit output
newman
.DS_Store
.idea
# backup files
*.bak
\ No newline at end of file
.gitlab-ci.yml
View file @ 0e14b062
......@@ -5,8 +5,17 @@ variables:
PORT: 80
REPLICA: 1
UTEST_RUNTIME_IMAGE: seistore-svc-runtime
#aws variables
#azure variables
AWS_SERVICE: seismic-store
AWS_BUILD_SUBDIR: src/cloud/providers/aws/build-aws
AWS_TEST_SUBDIR: tests
AWS_ENVIRONMENT: dev
AWS_BUILDER_DOCKERFILE_PATH: src/cloud/providers/aws/build-aws/builder.Dockerfile
AWS_RUNTIME_DOCKERFILE_PATH: src/cloud/providers/aws/build-aws/runtime.Dockerfile
# skipping tests here. Using a local file to run tests
AWS_SKIP_TESTS: "true"
#azure variables
AZURE_SERVICE: seismic-store-service
#gcp variables
GCP_APPLICATION_NAME: os-seismic-store-service
......@@ -30,7 +39,13 @@ include:
# containerize
- project: "osdu/platform/ci-cd-pipelines"
file: "containerize/seismic-store-service.yml"
# aws
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/aws.yml"
- local: "/devops/aws/awstest.yml"
# deploy
#azure
- project: "osdu/platform/ci-cd-pipelines"
......@@ -39,7 +54,8 @@ include:
#ibm
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/ibm-seismic-store-service.yml"
#gcp
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/gcp-seismic-store-service.yml"
devops/aws/awstest.yml 0 → 100644
View file @ 0e14b062
aws-test-newman:
extends:
- .aws
- .aws_base_variables
- .aws_variables
stage: integration
image: node
needs: ['aws-update-ecs']
script:
- apt-get update
- apt-get install -y python
- apt-get install -y python-pip
- pip install -r devops/aws/requirements.txt
- svctoken=$(python devops/scripts/aws_jwt_client.py)
- echo $svctoken
- npm install -g newman
- chmod +x ./tests/e2e/run_e2e_tests.sh
- ./tests/e2e/run_e2e_tests.sh --seistore-svc-url=${SEISMICSTORE_SVC_URL} --seistore-svc-api-key="NA" --user-idtoken="$svctoken" --user-idtoken="$svctoken" --tenant=opendes --subproject=awsdemosubproject --admin-email="${AWS_COGNITO_AUTH_PARAMS_USER}" --datapartition=opendes --legaltag01=opendes-sdmstestlegaltag --legaltag02=opendes-sdmstestlegaltag --subproject-long-name=subprojectlonggggggggggggggggggggggname --VCS-Provider="${ISGITLAB}"
only:
variables:
- $AWS == 'true'
artifacts:
when: always
paths:
- $INTEGRATION_TEST_DIR
expire_in: 14 days
devops/aws/requirements.txt 0 → 100644
View file @ 0e14b062
adal==1.2.2
boto3==1.14.40
botocore==1.17.54
certifi==2019.11.28
cffi==1.14.0
chardet==3.0.4
cryptography==2.8
docutils==0.15.2
idna==2.9
jmespath==0.10.0
pycparser==2.20
PyJWT==1.7.1
python-dateutil==2.8.1
requests==2.23.0
s3transfer==0.3.3
six==1.14.0
urllib3==1.25.8
xmlrunner==1.7.7
\ No newline at end of file
devops/scripts/aws_jwt_client.py 0 → 100644
View file @ 0e14b062
import os;
import boto3;
import jwt;
def get_id_token():
client = boto3.client('cognito-idp', region_name=os.environ["AWS_REGION"])
userAuth = client.initiate_auth(
ClientId= os.environ['AWS_COGNITO_CLIENT_ID'],
AuthFlow= os.environ['AWS_COGNITO_AUTH_FLOW'],
AuthParameters= {
"USERNAME": os.environ['AWS_COGNITO_AUTH_PARAMS_USER'],
"PASSWORD": os.environ['AWS_COGNITO_AUTH_PARAMS_PASSWORD']
})
print(userAuth['AuthenticationResult']['AccessToken'])
def get_invalid_token():
#generate a dummy jwt
return jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256').decode("utf-8")
if __name__ == '__main__':
get_id_token()
docs/templates/.env-sample-aws 0 → 100644
View file @ 0e14b062
#cloud provider is set to aws
CLOUDPROVIDER= "aws"
#specify service port, default is 5000
PORT= 5000
API_BASE_PATH=/api/seismic-store/v3
SERVICE_ENV=evd
ENVIRONMENT=
IMP_SERVICE_ACCOUNT_SIGNER=
AWS_REGION=
# redis instance url (defautl port 6379)
LOCKSMAP_REDIS_INSTANCE_ADDRESS=
LOCKSMAP_REDIS_INSTANCE_PORT= 6379
LOCKSMAP_REDIS_INSTANCE_KEY=
DES_REDIS_INSTANCE_ADDRESS=
DES_REDIS_INSTANCE_PORT=
DES_REDIS_INSTANCE_KEY=
DES_SERVICE_HOST=
DES_SERVICE_APPKEY=
JWKS_URL=
JWT_EXCLUDE_PATHS=
JWT_AUDIENCE=
# Features to disable ONLY the service run locally
JWT_ENABLE_FEATURE= "false"
FEATURE_FLAG_AUTHORIZATION= "false"
FEATURE_FLAG_LEGALTAG= "false"
FEATURE_FLAG_SEISMICMETA_STORAGE= "false"
FEATURE_FLAG_IMPTOKEN= "false"
FEATURE_FLAG_STORAGE_CREDENTIALS= "false"
FEATURE_FLAG_TRACE= "false"
FEATURE_FLAG_LOGGING= "false"
FEATURE_FLAG_STACKDRIVER_EXPORTER= "false"
src/cloud/config.ts
View file @ 0e14b062
......@@ -44,6 +44,9 @@ export interface ConfigModel {
JWT_ENABLE_FEATURE: boolean;
API_BASE_PATH: string;
TENANT_JOURNAL_ON_DATA_PARTITION: boolean;
SSL_ENABLED?: boolean;
SSL_KEY_PATH?: string;
SSL_CERT_PATH?: string;
FEATURE_FLAG_AUTHORIZATION: boolean;
FEATURE_FLAG_LEGALTAG: boolean;
FEATURE_FLAG_SEISMICMETA_STORAGE: boolean;
......@@ -125,6 +128,11 @@ export abstract class Config implements IConfig {
public static FEATURE_FLAG_LOGGING = true;
public static FEATURE_FLAG_STACKDRIVER_EXPORTER = true;
// Server SSL
public static SSL_ENABLED = false;
public static SSL_KEY_PATH: string;
public static SSL_CERT_PATH: string;
// WriteLock Skip
// This is an open issue to discuss.
// Checking the write lock is the correct behaviour and this varialbe shoudl be set to "false".
......@@ -187,6 +195,10 @@ export abstract class Config implements IConfig {
Config.TENANT_JOURNAL_ON_DATA_PARTITION = model.TENANT_JOURNAL_ON_DATA_PARTITION || false;
Config.SSL_ENABLED = model.SSL_ENABLED || false;
Config.SSL_KEY_PATH = model.SSL_KEY_PATH;
Config.SSL_CERT_PATH = model.SSL_CERT_PATH;
Config.checkRequiredConfig(Config.CLOUDPROVIDER, 'CLOUDPROVIDER');
Config.checkRequiredConfig(Config.SERVICE_ENV, 'SERVICE_ENV');
Config.checkRequiredConfig(Config.IMP_SERVICE_ACCOUNT_SIGNER, 'IMP_SERVICE_ACCOUNT_SIGNER');
......
src/cloud/providers/aws/build-aws/build-info.py 0 → 100644
View file @ 0e14b062
# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import boto3
import json
import os
import argparse
# Create the build-info.json
parser = argparse.ArgumentParser(description="")
# env - CODEBUILD_SOURCE_VERSION
parser.add_argument("--branch", type=str, help="")
# env - CODEBUILD_RESOLVED_SOURCE_VERSION
parser.add_argument("--commit", type=str, help="")
# env - CODEBUILD_BUILD_ID
parser.add_argument("--buildid", type=str, help="")
# env - CODEBUILD_BUILD_NUMBER
parser.add_argument("--buildnumber", type=str, help="")
# Get from directory name
parser.add_argument("--reponame", type=str, help="")
# env OUTPUT_DIR
parser.add_argument("--outdir", type=str, help="")
# full ecr image and tag, and any other artifacts
parser.add_argument("--artifact", type=str, action="append", help="")
args = parser.parse_args()
branch = args.branch
commitId = args.commit
buildId = args.buildid
buildNumber = args.buildnumber
repoName = args.reponame
outputDir = args.outdir
artifacts = args.artifact
buildInfoFilePath = os.path.join(".", outputDir, "build-info.json")
print(buildInfoFilePath)
commitArgs = {
"repositoryName": repoName,
"commitId": commitId
}
commitDetail = {
"commit": ""
}
# get the commit detail
try:
codecommit = boto3.client("codecommit")
commitDetail = codecommit.get_commit(**commitArgs)
except Exception as e:
print("Getting commit information from codecommit failed")
buildInfo = {
"branch": branch,
"build-id": buildId,
"build-number": buildNumber,
"repo": repoName,
"artifacts": artifacts,
"commit": commitDetail["commit"]
}
print(json.dumps(buildInfo, sort_keys=True, indent=4))
# write the build.json file to dist
f = open(buildInfoFilePath, "w")
f.write(json.dumps(buildInfo, sort_keys=True, indent=4))
f.close()
src/cloud/providers/aws/build-aws/builder.Dockerfile 0 → 100644
View file @ 0e14b062
# ============================================================================
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================
# [seistore builder image]
# use ubuntu as base image
FROM ubuntu:bionic
# nodejs version
ARG nodesecure_version=10
# update package list and install required packages
RUN apt-get update
RUN apt-get install -y curl
RUN apt-get install -y gnupg
RUN apt-get install -y git
# setup node from secure package
RUN curl -sL https://deb.nodesource.com/setup_${nodesecure_version}.x -o tmp/nodesource_setup.sh
RUN bash tmp/nodesource_setup.sh
RUN rm -f tmp/nodesource_setup.sh
# install nodejs and typescript globally
RUN apt-get install -y nodejs
RUN npm install -g typescript
src/cloud/providers/aws/build-aws/buildspec.yaml 0 → 100644
View file @ 0e14b062
# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
# https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
version: 0.2
env:
secrets-manager:
DOCKER_USERNAME: /osdu/devops/docker_credentials:username
DOCKER_PASSWORD: /osdu/devops/docker_credentials:password
phases:
install:
commands:
# fix error noted here: https://github.com/yarnpkg/yarn/issues/7866
- curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
- apt-get update -y
- npm install
pre_build:
commands:
- echo "Logging in to Amazon ECR..."
- $(aws ecr get-login --no-include-email --region $AWS_REGION) # authenticate with ECR via the AWS CLI
build:
commands:
- export REPO_NAME=${PWD##*/}
- export OUTPUT_DIR="dist"
- export BRANCH_NAME=`echo ${CODEBUILD_SOURCE_VERSION} | awk '{gsub("refs/heads/","");gsub("\\.","-");gsub("[[:space:]]","-")}1' | sed 's/\//-/g' | awk '{print tolower($0)}'`
- export ECR_TAG_BUILDER=`echo build.builder.${BRANCH_NAME}.${CODEBUILD_BUILD_NUMBER}.${CODEBUILD_RESOLVED_SOURCE_VERSION} | cut -c 1-120`
- export ECR_TAG_PROD=`echo build.${BRANCH_NAME}.${CODEBUILD_BUILD_NUMBER}.${CODEBUILD_RESOLVED_SOURCE_VERSION} | cut -c 1-120`
- export ECR_IMAGE_BUILDER=${ECR_REGISTRY}:${ECR_TAG_BUILDER}
- export ECR_IMAGE_PROD=${ECR_REGISTRY}:${ECR_TAG_PROD}
- export ECR_IMAGE_BRANCH_LATEST=${ECR_REGISTRY}:${BRANCH_NAME}
- export INTEGRATION_TEST_OUTPUT=${OUTPUT_DIR}/testing/integration
- export INTEGRATION_TEST_OUTPUT_BIN=${INTEGRATION_TEST_OUTPUT}/bin
- mkdir -p ${OUTPUT_DIR}/bin
- mkdir -p ${OUTPUT_DIR}/testing && mkdir -p ${INTEGRATION_TEST_OUTPUT} && mkdir -p ${INTEGRATION_TEST_OUTPUT}/bin
- echo "Placeholder" >> ${OUTPUT_DIR}/build-info.json # touched so that the output directory has some content incase the build fails so that testing reports are uploaded
- printenv
- echo "Building seismic-store-service"
- npm run build
- echo "Building integration testing assemblies and gathering artifacts..."
- ./tests/aws-test/build-aws/prepare-dist.sh
- echo "Logging into Docker Hub..."
- docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
- echo "Building docker image..."
#- docker build -f src/cloud/providers/aws/build-aws/Dockerfile -t ${ECR_IMAGE} .
- docker build -f src/cloud/providers/aws/build-aws/builder.Dockerfile -t ${ECR_IMAGE_BUILDER} .
- docker build -f src/cloud/providers/aws/build-aws/runtime.Dockerfile -t ${ECR_IMAGE_PROD} --build-arg docker_builder_image=${ECR_IMAGE_BUILDER} .
- docker tag ${ECR_IMAGE_PROD} ${ECR_IMAGE_BRANCH_LATEST}
- echo "Pushing docker image..."
- docker push ${ECR_IMAGE_PROD}
- docker push ${ECR_IMAGE_BRANCH_LATEST}
- echo "Generate build-info.json"
- |
python src/cloud/providers/aws/build-aws/build-info.py --branch ${CODEBUILD_SOURCE_VERSION} --commit ${CODEBUILD_RESOLVED_SOURCE_VERSION} \
--buildid ${CODEBUILD_BUILD_ID} --buildnumber ${CODEBUILD_BUILD_NUMBER} --reponame ${REPO_NAME} --outdir ${OUTPUT_DIR} \
--artifact ${ECR_IMAGE_PROD}
artifacts:
files:
- "**/*"
base-directory: "dist"
name: ${REPO_NAME}_${BRANCH_NAME}_$(date +%F)_${CODEBUILD_BUILD_NUMBER}.zip
src/cloud/providers/aws/build-aws/entrypoint.sh 0 → 100755
View file @ 0e14b062
./ssl.sh;
node ./dist/server/server-start.js
src/cloud/providers/aws/build-aws/runtime.Dockerfile 0 → 100644
View file @ 0e14b062
# ============================================================================
# Copyright 2017-2019, Schlumberger
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================
# [seistore runtime image]
ARG docker_node_image_version=12.18.2
ARG docker_builder_image
# build the service (require builder image)
FROM ${docker_builder_image} as runtime-builder
RUN apt-get install -yqq --no-install-recommends openssl
ADD ./ /service
WORKDIR /service
RUN npm run clean && rm -rf node_modules && rm -rf artifact && mkdir artifact
RUN npm install
RUN npm run build
RUN cp -r package.json npm-shrinkwrap.json dist artifact
# Create the runtime image (require base image)
FROM node:${docker_node_image_version} as release
#Default to using self signed generated TLS cert
ENV USE_SELF_SIGNED_SSL_CERT true
ENV SSL_CERT_PATH "/src/cloud/providers/aws/certs/cert.crt"
ENV SSL_KEY_PATH "/src/cloud/providers/aws/certs/cert.key"
ENV SSL_ENABLED "true"
COPY --from=runtime-builder /service/artifact /seistore-service
WORKDIR /seistore-service
COPY src/cloud/providers/aws/build-aws/ssl.sh /seistore-service/ssl.sh
COPY src/cloud/providers/aws/build-aws/entrypoint.sh /seistore-service/entrypoint.sh
RUN npm install --production
ENTRYPOINT ["/bin/sh", "-c", "/seistore-service/entrypoint.sh"]
\ No newline at end of file
src/cloud/providers/aws/build-aws/ssl.sh 0 → 100755
View file @ 0e14b062
#!/usr/bin/env bash
#Future: Support for using Amazon Cert Manager
# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
# then
# if [ -z $SSL_CERT_PATH ] || [ -z $SSL_KEY_PATH ];
# then
# echo "SSL_CERT_PATH and SSL_KEY_PATH must be set as environment variables when using ACM_CERTIFICATE_ARN"
# exit 1
# fi
# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
# fi
if [ -n $USE_SELF_SIGNED_SSL_CERT ];
then
if [ -z $SSL_CERT_PATH ] || [ -z $SSL_KEY_PATH ];
then
echo "SSL_CERT_PATH and SSL_KEY_PATH must be set as environment variables when using USE_SELF_SIGNED_SSL_CERT"
exit 1
fi
mkdir -p $(dirname "$SSL_CERT_PATH")
mkdir -p $(dirname "$SSL_KEY_PATH")
hostname="localhost"
subject="/CN=${hostname}"
#new versions of openssl support this:
# openssl req \
# -newkey rsa:2048 -nodes -keyout ${SSL_KEY_PATH} \
# -new -x509 -sha256 -days 365 -out ${SSL_CERT_PATH} \
# -subj "${subject}" \
# -addext "subjectAltName = DNS:${hostname}" \
# -addext "extendedKeyUsage = serverAuth"
#old version of openssl use this:
confdir=$(openssl version -d | awk -F'"' '{print $2}')
openssl req \
-newkey rsa:2048 -nodes -keyout ${SSL_KEY_PATH} \
-new -x509 -sha256 -days 365 -out ${SSL_CERT_PATH} \
-subj "${subject}" \
-extensions SAN -reqexts SAN \
-config <(cat ${confdir}/openssl.cnf;printf "[SAN]\nsubjectAltName=DNS:${hostname}\nextendedKeyUsage=serverAuth")
fi
src/cloud/providers/aws/config.ts 0 → 100644
View file @ 0e14b062
// Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
import { Config, ConfigFactory } from '../../config';
import {AWSSSMhelper} from './ssmhelper';
@ConfigFactory.register('aws')
export class AWSConfig extends Config {
// scopes
public static AWS_EP_OAUTH2: string;
public static AWS_EP_IAM: string;
public static AWS_REGION: string;
public static AWS_ENVIRONMENT: string;
public static AWS_BUCKET: string;
//Logger
public static LOGGER_LEVEL;
// max len for a group name in DE
public static DES_GROUP_CHAR_LIMIT = 256;
public async init(): Promise<void> {
// init AWS specific configurations
AWSConfig.AWS_EP_OAUTH2 = process.env.WS_EP_OAUTH2;
AWSConfig.AWS_EP_IAM = process.env.AWS_EP_IAM;
AWSConfig.AWS_REGION = process.env.AWS_REGION;
AWSConfig.AWS_ENVIRONMENT = process.env.ENVIRONMENT;
const awsSSMHelper = new AWSSSMhelper();
AWSConfig.AWS_BUCKET = await awsSSMHelper.getSSMParameter('/osdu/'+AWSConfig.AWS_ENVIRONMENT+'/seismic-store/seismic-s3-bucket-name');
//Logger
AWSConfig.LOGGER_LEVEL = process.env.LOGGER_LEVEL || 'info';
Config.initServiceConfiguration({
SERVICE_ENV: process.env.SERVICE_ENV,
SERVICE_PORT: +process.env.PORT || 5000,
API_BASE_PATH: process.env.API_BASE_PATH,
IMP_SERVICE_ACCOUNT_SIGNER: process.env.IMP_SERVICE_ACCOUNT_SIGNER||'',
LOCKSMAP_REDIS_INSTANCE_ADDRESS: process.env.LOCKSMAP_REDIS_INSTANCE_ADDRESS,
LOCKSMAP_REDIS_INSTANCE_PORT: +process.env.LOCKSMAP_REDIS_INSTANCE_PORT,
LOCKSMAP_REDIS_INSTANCE_KEY: process.env.LOCKSMAP_REDIS_INSTANCE_KEY||'',
DES_REDIS_INSTANCE_ADDRESS: process.env.DES_REDIS_INSTANCE_ADDRESS,
DES_REDIS_INSTANCE_PORT: +process.env.DES_REDIS_INSTANCE_PORT,
DES_REDIS_INSTANCE_KEY: process.env.DES_REDIS_INSTANCE_KEY,
DES_SERVICE_HOST_COMPLIANCE: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_ENTITLEMENT: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_STORAGE: process.env.DES_SERVICE_HOST,
DES_SERVICE_HOST_PARTITION: process.env.DES_SERVICE_HOST,
DES_SERVICE_APPKEY: process.env.DES_SERVICE_APPKEY||'',
DES_GROUP_CHAR_LIMIT: AWSConfig.DES_GROUP_CHAR_LIMIT,
JWKS_URL: process.env.JWKS_URL,
JWT_EXCLUDE_PATHS: process.env.JWT_EXCLUDE_PATHS||'',
JWT_AUDIENCE: process.env.JWT_AUDIENCE||'',
JWT_ENABLE_FEATURE: process.env.JWT_ENABLE_FEATURE ? process.env.JWT_ENABLE_FEATURE === 'true' : false,
TENANT_JOURNAL_ON_DATA_PARTITION: true,
SSL_ENABLED: process.env.SSL_ENABLED === 'true',
SSL_KEY_PATH: process.env.SSL_KEY_PATH,
SSL_CERT_PATH: process.env.SSL_CERT_PATH,
FEATURE_FLAG_AUTHORIZATION: process.env.FEATURE_FLAG_AUTHORIZATION !== undefined ?
process.env.FEATURE_FLAG_AUTHORIZATION !== 'false' : true,
FEATURE_FLAG_LEGALTAG: process.env.FEATURE_FLAG_LEGALTAG !== undefined ?
process.env.FEATURE_FLAG_LEGALTAG !== 'false' : true,
FEATURE_FLAG_SEISMICMETA_STORAGE: process.env.FEATURE_FLAG_SEISMICMETA_STORAGE !== undefined ?
process.env.FEATURE_FLAG_SEISMICMETA_STORAGE !== 'false' : true,
FEATURE_FLAG_IMPTOKEN: process.env.FEATURE_FLAG_IMPTOKEN !== undefined ?
process.env.FEATURE_FLAG_IMPTOKEN !== 'false' : true,
FEATURE_FLAG_STORAGE_CREDENTIALS: process.env.FEATURE_FLAG_STORAGE_CREDENTIALS !== undefined ?
process.env.FEATURE_FLAG_STORAGE_CREDENTIALS !== 'false' : true,
FEATURE_FLAG_TRACE: process.env.FEATURE_FLAG_TRACE !== undefined ?
process.env.FEATURE_FLAG_TRACE !== 'false' : true,
FEATURE_FLAG_LOGGING: process.env.FEATURE_FLAG_LOGGING !== undefined ?
process.env.FEATURE_FLAG_LOGGING !== 'false' : true,
FEATURE_FLAG_STACKDRIVER_EXPORTER: process.env.FEATURE_FLAG_STACKDRIVER_EXPORTER !== undefined ?