Merge pull request #12 from clientIO/modifications

agno01 · web-flow · commit 125cf5eb7b6d · 2025-04-23T12:07:24.000+02:00
Modifications
diff --git a/.gitignore b/.gitignore
@@ -36,3 +36,7 @@ terraform.rc
 .terraform.lock.hcl
 
 .env
+
+.DS_Store
+
+.idea
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/elasticsearch.tf b/elasticsearch.tf
@@ -1,7 +1,7 @@
 locals {
   elasticsearch_master_username = random_pet.elasticsearch_username.id
   elasticsearch_enabled         = var.external_elasticsearch == null
-  elasticsearch_subnet_ids      = slice(local.private_subnet_ids, 0, min(length(local.private_subnet_ids), var.elasticsearch.instance_count))
+  elasticsearch_subnet_ids      = [local.private_subnet_ids[0]]
 }
 
 module "elasticsearch" {
diff --git a/examples/production/auth.dockerconfigjson b/examples/production/auth.dockerconfigjson
@@ -0,0 +1 @@
+{"registry.appmixer.com":{"username":"<replace-with-username>","password":"<replace-with-password>"}}
diff --git a/examples/production/global-bundle.pem b/examples/production/global-bundle.pem
diff --git a/examples/production/main.tf b/examples/production/main.tf
@@ -25,12 +25,12 @@ module "appmixer_module" {
   }
 
   init_user = {
-    email    = "XXX"
-    username = "XXX"
-    password = "XXX"
+    email    = "<init-user@email.tld>"
+    username = "<init-user>"
+    password = "<init-user-password>"
   }
 
-  ecs_registry_auth_data = "XXX"
+  ecs_registry_auth_data = "base64-encoded-docker-registry-auth-dockerconfigjson"
 
   ecs_common_service_config = {
     wait_for_steady_state    = true
@@ -116,6 +116,18 @@ module "appmixer_module" {
     }
   }
 
+  # Engine fix to use MongoDB TLS
+  ecs_per_service_config = {
+    engine = {
+      entrypoint = ["/bin/bash", "-c"]
+      command    = ["apt-get update; apt-get -y install wget; wget -O /root/global-bundle.pem https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem; node gridd.js --http --emails"]
+    }
+    quota = {
+      entrypoint = ["/bin/bash", "-c"]
+      command    = ["apt-get update; apt-get -y install wget; wget -O /root/global-bundle.pem https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem; npm start"]
+    }
+  }
+
   elasticsearch = {
     instance_count = length(local.availability_zones)
   }
diff --git a/locals.tf b/locals.tf
@@ -58,7 +58,7 @@ locals {
 
   # Frontend service configuration
   frontend = {
-    image = "registry.appmixer.com/appmixer-frontend:5.2.0"
+    image = "registry.appmixer.com/appmixer-frontend:6.0.12"
     url   = "my.${var.root_dns_name}"
     env = {
       APPMIXER_BO_URL = "https://${local.backoffice.url}"
@@ -69,7 +69,7 @@ locals {
 
   # Backoffice service configuration
   backoffice = {
-    image  = "registry.appmixer.com/appmixer-backoffice:5.2.0"
+    image  = "registry.appmixer.com/appmixer-backoffice:6.0.12"
     url    = "bo.${var.root_dns_name}"
     env    = {}
     cpu    = 256
@@ -78,19 +78,23 @@ locals {
 
   # Engine service configuration
   engine = {
-    image = "registry.appmixer.com/appmixer-engine:5.2.0-nocomp"
+    image = "registry.appmixer.com/appmixer-engine:6.0.12-nocomp"
     url   = "api.${var.root_dns_name}"
     env = {
-      SYSTEM_PLUGINS    = "minio"
-      MINIO_ACCESS_KEY  = module.s3_bucket.access_key_id
-      MINIO_SECRET_KEY  = module.s3_bucket.secret_access_key
-      MINIO_ENDPOINT    = "s3.amazonaws.com"
-      MINIO_USE_SSL     = true
-      MINIO_REGION      = data.aws_region.current.name
-      MINIO_BUCKET_NAME = module.s3_bucket.bucket_id
-      DB_TLS_CA_FILE    = "global-bundle.pem"
-      DB_USE_TLS        = "true"
-      DB_SSL_VALIDATE   = "true"
+      SYSTEM_PLUGINS     = "minio,auth_hub"
+      MINIO_ACCESS_KEY   = module.s3_bucket.access_key_id
+      MINIO_SECRET_KEY   = module.s3_bucket.secret_access_key
+      MINIO_ENDPOINT     = "s3.amazonaws.com"
+      MINIO_USE_SSL      = true
+      MINIO_REGION       = data.aws_region.current.name
+      MINIO_BUCKET_NAME  = module.s3_bucket.bucket_id
+      DB_TLS_CA_FILE     = "/root/global-bundle.pem"
+      DB_USE_TLS         = "true"
+      DB_SSL_VALIDATE    = "true"
+      AUTH_HUB_URL       = "https://auth-hub.${var.root_dns_name}"
+      AUTH_HUB_TOKEN     = "<replace-with-token-value>"
+      ENCRYPTION_ENABLED = "true"
+      ENCRYPTION_SECRET  = "<replace-with-encryption-secret>"
     }
     cpu          = 512
     memory       = 1024
@@ -105,7 +109,7 @@ locals {
 
   # Quota service configuration
   quota = {
-    image = "registry.appmixer.com/appmixer-quota:5.2.0"
+    image = "registry.appmixer.com/appmixer-quota:6.0.12"
     env = {
       DB_TLS_CA_FILE  = "/root/global-bundle.pem"
       DB_USE_TLS      = "true"
diff --git a/outputs.tf b/outputs.tf
@@ -3,6 +3,11 @@ output "alb_dns_name" {
   description = "DNS name of the ALB"
 }
 
+output "elasticsearch_subnet_ids" {
+  value       = local.elasticsearch_subnet_ids
+  description = "ES subnets"
+}
+
 output "services_urls" {
   value = {
     backoffice = local.backoffice.url
diff --git a/user-init.tf b/user-init.tf
@@ -45,11 +45,11 @@ resource "aws_ecs_task_definition" "this" {
   container_definitions = jsonencode([
     {
       name       = "${module.label.id}-mongo-init-user"
-      image      = "mongo:latest"
+      image      = "mongo:5.0"
       cpu        = 10
       memory     = 512
       essential  = true
-      entryPoint = ["/bin/bash", "-c", "apt-get update --allow-insecure-repositories; apt-get install wget; wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem;  mongosh appmixer --host ${module.documentdb_cluster.endpoint}:27017 --username ${module.documentdb_cluster.master_username} --password ${module.documentdb_cluster.master_password} --retryWrites=false --eval 'db.users.updateOne({ email: \"${local.user_init_email}\"},{$set: {scope: [\"user\",\"admin\"]}});' --tls --tlsCAFile global-bundle.pem"]
+      entryPoint = ["/bin/bash", "-c", "apt-get update --allow-insecure-repositories; apt-get install wget; wget -O /root/global-bundle.pem https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem;  mongosh appmixer --host ${module.documentdb_cluster.endpoint}:27017 --authenticationMechanism SCRAM-SHA-1 --username ${module.documentdb_cluster.master_username} --password ${module.documentdb_cluster.master_password} --retryWrites=false --eval 'db.users.updateOne({ email: \"${local.user_init_email}\"},{$set: {scope: [\"user\",\"admin\"]}});' --tls --tlsCAFile /root/global-bundle.pem"]
       logConfiguration = {
         logDriver = "awslogs"
         options = {
diff --git a/variables.tf b/variables.tf
@@ -113,7 +113,7 @@ variable "rabbitmq" {
   type = object({
     auto_minor_version_upgrade = optional(bool, true)
     deployment_mode            = optional(string, "SINGLE_INSTANCE")
-    engine_version             = optional(string, "3.8.34")
+    engine_version             = optional(string, "3.13")
     host_instance_type         = optional(string, "mq.t3.micro")
     audit_log_enabled          = optional(bool, false)
     general_log_enabled        = optional(bool, true)

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`locals {`
`2`	`2`	`elasticsearch_master_username = random_pet.elasticsearch_username.id`
`3`	`3`	`elasticsearch_enabled = var.external_elasticsearch == null`
`4`		`- elasticsearch_subnet_ids = slice(local.private_subnet_ids, 0, min(length(local.private_subnet_ids), var.elasticsearch.instance_count))`
	`4`	`+ elasticsearch_subnet_ids = [local.private_subnet_ids[0]]`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`module "elasticsearch" {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+{"registry.appmixer.com":{"username":"<replace-with-username>","password":"<replace-with-password>"}}`