internal-icgc pcawg 2022.03 2021.06 internal-icgc.bionimbus.org 1647626564

[PlanXCyborg]

Applying version 2021.06 to internal-icgc.bionimbus.org

[PlanXCyborg]

internal-icgc.bionimbus.org/manifest.json

Deployment changes

• arborist
  • Needs Fence later than 4.22.2 or 2020.08 (which introduces the new JWT scopes claim). ((PXP-6617): remove scopes from jwt aud claim arborist#130)
• guppy
  • To deploy SearchFilters in a tab of the Explorer page, add an entry to data{/file}ExplorerConfig.filters.tabs.searchFields. NOTE: Do not add the same field to both searchFields and fields, this will cause strange behavior in the search field. Example config: ((PXP-6359) Add Search Filter guppy#99)
  • "filters": { ((PXP-6359) Add Search Filter guppy#99)
  • "tabs": [ ((PXP-6359) Add Search Filter guppy#99)
  • { ((PXP-6359) Add Search Filter guppy#99)
  • "title": "Subject", ((PXP-6359) Add Search Filter guppy#99)
  • "searchFields": [ ((PXP-6359) Add Search Filter guppy#99)
  • "subject_id", ((PXP-6359) Add Search Filter guppy#99)
  • "submitter_id", ((PXP-6359) Add Search Filter guppy#99)
  • "consent_codes" ((PXP-6359) Add Search Filter guppy#99)
  • ], ((PXP-6359) Add Search Filter guppy#99)
  • "fields": [ ((PXP-6359) Add Search Filter guppy#99)
  • "data_type", ((PXP-6359) Add Search Filter guppy#99)
  • "data_format", ((PXP-6359) Add Search Filter guppy#99)
  • ... ((PXP-6359) Add Search Filter guppy#99)
  • ] ((PXP-6359) Add Search Filter guppy#99)
  • } ((PXP-6359) Add Search Filter guppy#99)

• indexd
  • When running gen3authz, backoff package needed separate poetry run pip install (PXP-6824: return 401 errors from Arborist indexd#304)
• portal
  • envs with customized color schemes no longer need to overwrite dictionary button color in their gitops.css ((PXP-6570): refactor/dictionaryBtnColor: change dictionary btn to use defined global colors data-portal#822)
  • New optional config property, tierAccessLevel, in each tab of the explorerConfig block in the portal config. Used to enable index-scoped tiered-access, which is only available starting with Guppy server version 0.11.0. See README for more information. (Feat/index scoped tiered access data-portal#802)
  • To deploy Discovery page: ((PXP-7402) Discovery page data-portal#803)
  • "featureFlags": { "discovery": true } must be set in the portal config. ((PXP-7402) Discovery page data-portal#803)
  • If discoveryConfig.features.authorization.enabled: true, "useArboristUI": true must be set in the portal config. ((PXP-7402) Discovery page data-portal#803)
  • "discoveryConfig": <DiscoveryConfig> must be set in the portal config. DiscoveryConfig documentation can be found at https://github.com/uc-cdis/data-portal/blob/master/docs/portal_config.md ((PXP-7402) Discovery page data-portal#803)
  • To upload data to Discovery page, data must be uploaded to environment's metadata-service instance with guid_type: "discovery_metadata". The metadata must all be under the top-level property gen3_discovery. (No documentation on this process yet, see this gist for right now https://gist.github.com/Avantol13/a53593837503fede2881f315198247c4) ((PXP-7402) Discovery page data-portal#803)
  • Added new entry GWASApp for analysisTools for this new GWAS app for VA. Beaware not to confuse with the old "GWAS PoC" app, which bears the entry vaGWAS (PXP-7296 PXP-7180 Feat/va gwas app data-portal#777)
  • antd modal now by default will use g3-color__base-blue as header background color, this is consistant with our color schemes for other UI components. If an env has customized color scheme, please override .ant-modal-header in gitops.css (PXP-7296 PXP-7180 Feat/va gwas app data-portal#777)
  • The new feature of Portal requires Guppy v0.10.0 ((PXP-6540): Feat/explorer download formats data-portal#780)
  • Added new button types in the Portal config. See portal_config.md for an example. ((PXP-6540): Feat/explorer download formats data-portal#780)
  • At time of writing, qa-midrc is only env using the new feature flag. These changes should be deployed alongside each other to production, but nothing will break if done separately. ((PXP-7097) Add optional alternate TopBar profile menu data-portal#759)
  • New value for GEN3_BUNDLE env var GEN3_BUNDLE=nct (PXP-6895 NIAID CT bundle data-portal#742)
  • New optional portal config variable injectDAPTag (default value is false). If set to true, will inject DAP tag script into page header (this is required for NCT PROD env only) (PXP-6895 NIAID CT bundle data-portal#742)
  • All envs should check if the dataExplorerConfig field in its portal config has ONLY arrangerConfig field but NO guppyConfig field (it is okay to have both). If so, please update dataExplorerConfig to use Guppy (PXP-6409 Remove arranger data-portal#743)
  • A new Export to PFB button can be optionally enabled in the config.json. It is disabled by default. The button requires at least pelican:2020.10 release. (Feat/export pfb to workspace data-portal#681)
  • Add GEN3_BUNDLE=covid19 as portal env var to enable covid bundle (Feat/covid bundle data-portal#737)
  • Limited File PFB Export requires Pelican >= 0.5.0, Tube >= 0.4.1 ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • Limited File PFB Export is enabled by setting fileExplorerConfig.enableLimitedFilePFBExport: { sourceNodeField: "source_node" } and by adding buttons of buttonType export-files (Export to Terra), export-files-to-pfb (Download PFB), or export-files-to-seven-bridges (Export to Seven Bridges) to fileExplorerConfig.buttons. Example: ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "fileExplorerConfig": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ... ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "buttons": [ ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • .... ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "enabled": true, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "type": "export-files-to-pfb", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "title": "Export All to PFB", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "rightIcon": "external-link", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "tooltipText": "You have not selected any cases to export. Please use the checkboxes on the left to select specific cases you would like to export." ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "enabled": true, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "type": "export-files", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "title": "Export All to Terra", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "rightIcon": "external-link", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "tooltipText": "You have not selected any cases to export. Please use the checkboxes on the left to select specific cases you would like to export." ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ], ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "enableLimitedFilePFBExport": {"sourceNodeField": "source_node"}, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • Limited File PFB Export requires the source_node property to be ETL'd -- source_node should be added to props in the file section of etlMapping.yaml. Example: ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • name: mpingram_file ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • doc_type: file ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • type: collector ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • root: None ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • category: data_file ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • props: ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • name: object_id ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • name: md5sum ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ... ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • name: source_node ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • Limited File PFB Export requires a new export-files job block to be added to the Sower config in manifest.json. The $ROOT_NODE environment variable must be set to "file", or the name of the Guppy file index if it isn't "file". For BioDataCatalyst, the EXTRA_NODES environment variable must be set to "". (This is for backwards compatibility: pelican-export includes reference_file by default on all BDCat PFB exports unless $EXTRA_NODES is set to an empty string). Example sower config: ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "pelican-export-files", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "action": "export-files", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "container": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "job-task", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "image": "quay.io/cdis/pelican-export:0.5.0", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "pull_policy": "Always", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "env": [ ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "DICTIONARY_URL", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "valueFrom": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "configMapKeyRef": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "manifest-global", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "key": "dictionary_url" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "GEN3_HOSTNAME", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "valueFrom": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "configMapKeyRef": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "manifest-global", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "key": "hostname" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "ROOT_NODE", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "value": "file" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "EXTRA_NODES", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "value": "" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ], ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "volumeMounts": [ ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "pelican-creds-volume", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "readOnly": true, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "mountPath": "/pelican-creds.json", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "subPath": "config.json" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "peregrine-creds-volume", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "readOnly": true, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "mountPath": "/peregrine-creds.json", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "subPath": "creds.json" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ], ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "cpu-limit": "1", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "memory-limit": "4Gi" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "volumes": [ ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "pelican-creds-volume", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "secret": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "secretName": "pelicanservice-g3auto" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "name": "peregrine-creds-volume", ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "secret": { ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "secretName": "peregrine-creds" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • } ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • ], ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • "restart_policy": "Never" ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • }, ((PXP-6544) Limited PFB Export from the Files Tab data-portal#729)
  • Portal should be updated to include this fix if Indexd is above 2.12.0 or 2020.07 and user want to use Arborist UI (fix: data upload auth check data-portal#702)
  • New optional config field in the index section of gitops.json called homepageChartNodeChunkSize. Sets the value for paritioning requests to Peregrine for the homepage chart. Defaults to 15 if not provided. (Feat/peregrine request chunk data-portal#699)
• tube
  • Requires pelican-export >= 0.5.x (fix(project_id): ensure project_id exists tube#131)
  • Breaking change adding underscore to all {subject,case,file}_id fields. Requires migrating gitops.json and etlMapping.yaml following these instructions: 1. Make a list of all the doc_type fields in etlMapping.yaml. 2. Change any instance of {doc_type}_id to _{doc_type}_id in gitops.json and etlMapping.yaml. (E.g. if doc_type is subject, replace all instances of subject_id in etlMapping.yaml and gitops.json with _subject_id). 3. If there is no change to the etlMapping in the PR, manually add a comment to the etlMapping or change the order of two props in order to force gitops-sync to run the ETL. (fix(project_id): ensure project_id exists tube#131)

Breaking changes

• arborist
  • In step with Fence changes to issued JWTs, in which scopes are moved into a dedicated scope claim (Fence 4.22.2/2020.08) and out of the aud claim (Fence 5.0.0/2021.07), this commit changes Arborist JWT validation logic so that it does the same validation it was doing on the aud field, but does it on the scope field instead. This Arborist version must therefore be paired with a Fence later than 4.22.2/2020.08. Conversely, Fence 5.0.0/2021.07 will require Arborist later than this commit. ((PXP-6617): remove scopes from jwt aud claim arborist#130)
• guppy
  • User can only see/query the data for a project if they have the following access: method read (or * - all methods) to service guppy (or * - all services) on that project resource. (previously they can see/query all the data if you any types of access to them) (PXP-6412 Feat/auth mapping guppy#93)
• portal
  • Arranger is removed (PXP-6409 Remove arranger data-portal#743)
  • DataExplorer is removed (PXP-6409 Remove arranger data-portal#743)
  • ExplorerPage is removed (PXP-6409 Remove arranger data-portal#743)
• sheepdog
  • Note that this PR will cause Sheepdog behavior to change slightly during a data submission flow in which the acl and/or authz field are previously populated in the corresponding Indexd record and the Indexd uploader field is not null and the Sheepdog submitter does not match the Indexd uploader. While the existing behavior will cause data submission to fail and report an error message to the user, this PR’s changes will mean that data submission can still succeed in this case of populated acl/authz and uploader mismatch. I believe this change in behavior is not problematic in that it would be unexpected in any commons for uploader and (acl and/or authz) to both be populated. ((PXP-6580): fix data submission by only writing acl and authz iff both are empty sheepdog#330)