/
.envrc
174 lines (142 loc) · 6.37 KB
/
.envrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
#! /bin/bash
##########################################
# DO NOT MAKE LOCAL CHANGES TO THIS FILE #
# #
# Vars in this file can be overridden by #
# exporting them in .envrc.local #
##########################################
# ShellCheck complains about things like `foo=$(cmd)` because you lose the
# return value of `cmd`. That said, we're not using `set -e`, so we aren't
# really concerned about return values. The following `true`, applies the
# rule to the entire file.
# See: https://github.com/koalaman/shellcheck/wiki/SC2155
# shellcheck disable=SC2155
true
required_vars=()
var_docs=()
# Declare an environment variable as required.
#
# require VAR_NAME "Documentation about how to define valid values"
require() {
required_vars+=("$1")
var_docs+=("$2")
}
# Check all variables declared as required. If any are missing, print a message and
# exit with a non-zero status.
check_required_variables() {
for i in "${!required_vars[@]}"; do
var=${required_vars[i]}
if [[ -z "${!var}" ]]; then
log_status "${var} is not set: ${var_docs[i]}"
missing_var=true
fi
done
if [[ $missing_var == "true" ]]; then
log_error "Your environment is missing some variables!"
log_error "Set the above variables in .envrc.local and try again."
fi
}
#########################
# Project Configuration #
#########################
# Capture the root directory of the project. This works even if someone `cd`s
# directly into a subdirectory.
export MYMOVE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Configuration needed for secure migrations.
export SECURE_MIGRATION_DIR="${MYMOVE_DIR}/local_migrations"
export SECURE_MIGRATION_SOURCE="local"
export DB_PASSWORD=mysecretpassword
export DB_USER=postgres
export DB_HOST=localhost
export DB_PORT=5432
export DB_NAME=dev_db
# Login.gov configuration
export LOGIN_GOV_CALLBACK_PROTOCOL="http"
export LOGIN_GOV_CALLBACK_PORT="3000"
export LOGIN_GOV_MY_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:mymovemillocal"
export LOGIN_GOV_OFFICE_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:officemovemillocal"
export LOGIN_GOV_TSP_CLIENT_ID="urn:gov:gsa:openidconnect.profiles:sp:sso:dod:tspmovemillocal"
export LOGIN_GOV_HOSTNAME="idp.int.identitysandbox.gov"
require LOGIN_GOV_SECRET_KEY "See https://docs.google.com/document/d/148RzqgaQbhOxXd4z_xuj5Jz8JNETThrn7RVFmMqXFvk"
# JSON Web Token (JWT) config
CLIENT_AUTH_SECRET_KEY=$(cat config/tls/devlocal-client_auth_secret.key)
export CLIENT_AUTH_SECRET_KEY
# Path to PKCS#7 package containing certificates of all DoD root and
# intermediate CAs, so that we can both validate the server certs of other DoD
# entities like GEX and DMDC, as well as validate the client certs of other DoD
# entities when they connect to us
export DOD_CA_PACKAGE="${MYMOVE_DIR}/config/tls/Certificates_PKCS7_v5.4_DoD.der.p7b"
# MyMove client certificate
# All of our DoD-signed certs are currently signed by DOD SW CA-54
MOVE_MIL_DOD_CA_CERT=$(cat ${MYMOVE_DIR}/config/tls/dod-sw-ca-54.pem)
require MOVE_MIL_DOD_TLS_CERT "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
require MOVE_MIL_DOD_TLS_KEY "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
export MOVE_MIL_DOD_CA_CERT
# Prevent user sessions from timing out
export NO_SESSION_TIMEOUT=true
# Use UTC timezone
export TZ="UTC"
# AWS development access
#
# To use S3/SES for local builds, you'll need to add the following to
# your .envrc.local:
#
# export STORAGE_BACKEND=s3
# export EMAIL_BACKEND=ses
#
# The default and equivalent to not being set is:
#
# export STORAGE_BACKEND=local
# export EMAIL_BACKEND=local
#
# Your AWS credentials should be setup in the transcom-ppp profile using
# aws-vault. They will be detected and used by the app automatically.
export AWS_S3_BUCKET_NAME="transcom-ppp-app-devlocal-us-west-2"
export AWS_S3_REGION="us-west-2"
export AWS_PROFILE=transcom-ppp
export AWS_S3_KEY_NAMESPACE=$USER
export AWS_SES_DOMAIN="devlocal.dp3.us"
export AWS_SES_REGION="us-west-2"
# Bing MAPS API
# export BING_MAPS_ENDPOINT="https://dev.virtualearth.net/REST/v1/Routes/Truck"
# require BING_MAPS_KEY "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
# HERE MAPS API
export HERE_MAPS_GEOCODE_ENDPOINT="https://geocoder.cit.api.here.com/6.2/geocode.json"
export HERE_MAPS_ROUTING_ENDPOINT="https://route.cit.api.here.com/routing/7.2/calculateroute.json"
require HERE_MAPS_APP_ID "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
require HERE_MAPS_APP_CODE "See https://docs.google.com/document/d/16ZomLuR6BPEIK4enfMcqu31oiJYZWNDe9Znyf9e88dg"
# Transcom ppp-infra repo path
require PPP_INFRA_PATH "Set to your local checkout of https://github.com/transcom/ppp-infra (e.g., ~/your-personal-repo-directory/ppp-infra)."
# GEX integration config
export GEX_BASIC_AUTH_USERNAME="mymovet"
require GEX_BASIC_AUTH_PASSWORD "See https://docs.google.com/document/d/1nvLXLQYz5ax3Ds4n2Y5OeANJhs0AbHtjkrKzI0gN3_o"
require DPS_AUTH_SECRET_KEY "https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
require DPS_AUTH_COOKIE_SECRET_KEY "https://docs.google.com/document/d/1HAD9tu9WahzVEam5FFWrgywdMm4aTfVW-Mp3rL7idAo"
export DPS_COOKIE_EXPIRES_IN_MINUTES="240"
export HTTP_SDDC_PROTOCOL="http"
export HTTP_SDDC_PORT="8080"
export DPS_REDIRECT_URL="https://dpstest.sddc.army.mil/cust"
export DPS_COOKIE_NAME="DPSIVV"
# DMDC Identity Web Services Real-Time Broker Service
export IWS_RBS_HOST="pkict.dmdc.osd.mil"
# Unsecured CSRF Auth Key, for local dev only
require CSRF_AUTH_KEY "See https://docs.google.com/document/d/1DuWXZLFaW7FXvqh-PStqjZI40niEavXWS5PPtWPlK3w"
##############################################
# Load Local Overrides and Check Environment #
##############################################
# Load a local overrides file. Any changes you want to make for your local
# environment should live in that file.
if [ -e .envrc.local ]
then
source_env .envrc.local
fi
# Source the ppp-infra repo .envrc to get aws-vault wrapper
# configuration setup.
if [ -e "$PPP_INFRA_PATH"/transcom-ppp/.envrc ]
then
source_env "$PPP_INFRA_PATH"/transcom-ppp/.envrc
else
log_error "Unable to find the transcom-ppp/.envrc file. Please check PPP_INFRA_PATH if aws commands don't work."
fi
# Check that all required environment variables are set
check_required_variables