Updating Env gen3staging.kidsfirstdrc.org - 2023.02 1675365890

[PlanXCyborg]

Applying version 2023.02 to gen3staging.kidsfirstdrc.org

[PlanXCyborg]

gen3staging.kidsfirstdrc.org/manifest.json

Deployment changes

• dashboard
  • This change will add some CSP and CORS related header to the response that returned from the dashboard services. They should not be interruptive, but each team is encouraged to double check their webpages hosted by dashboard to ensure they still works (fix: sec patch gen3-statics#27)
  • Because of these CSP directives being added, starting from this version, if anyone what to load remote scripts in their dashboard-hosted webpages, they will need to update the CSP directives in this dashboard service if the current directives doesn't fit, or to ship the script files with the page (fix: sec patch gen3-statics#27)
• fence
  • Requires a Fence DB migration (PXP-10541 Client credentials rotation fence#1068)
• portal
  • New portal config options to exclude File nodes from the charts added: use "graphql.chartNodesExcludeFiles" to exclude File nodes from graphql chart, or use "components.index.homepageChartNodesExcludeFiles" to exclude File nodes from homepage chart. Note both of them are default to false so you have to explicitly set them to true to enable them (PXP-10565/PPS-177 fix: exclude file nodes from chart with options data-portal#1208)
  • this change assumes WTS is already a core/central service. The dependency is hereby moved to the homepage (instead of the ./workspace page) (Centralize WTS refresh token initialization data-portal#1095)
• sheepdog
  • Sheepdog does not rely on configuration files in the cloud-automation repository anymore. The Sheepdog configuration files are in the Sheepdog repository. (PXP-6245 PXP-9633 Poetry + Python 3.9 sheepdog#387)

Breaking changes

• arborist
  • The GET /auth/mapping endpoint does not accept username as a query parameter anymore. It only supports parsing the username from the provided JWT. To specify a username, use the POST /auth/mapping endpoint. (PXP-10229 Client auth mapping arborist#153)
• indexd
  • Ensure you are using Fence>=2021.10. Remove deprecated GA4GH access endpoints. these have existed (and been used) from the Fence microservice since last year. See cloud automation change here (Revert "Revert "fix(migrate): improve acl->authz migration, remove de… indexd#338)

[PlanXCyborg]

gen3staging.kidsfirstdrc.org/manifest.json

Deployment changes

• dashboard
  • This change will add some CSP and CORS related header to the response that returned from the dashboard services. They should not be interruptive, but each team is encouraged to double check their webpages hosted by dashboard to ensure they still works (fix: sec patch gen3-statics#27)
  • Because of these CSP directives being added, starting from this version, if anyone what to load remote scripts in their dashboard-hosted webpages, they will need to update the CSP directives in this dashboard service if the current directives doesn't fit, or to ship the script files with the page (fix: sec patch gen3-statics#27)
• fence
  • Requires a Fence DB migration (PXP-10541 Client credentials rotation fence#1068)
• portal
  • New portal config options to exclude File nodes from the charts added: use "graphql.chartNodesExcludeFiles" to exclude File nodes from graphql chart, or use "components.index.homepageChartNodesExcludeFiles" to exclude File nodes from homepage chart. Note both of them are default to false so you have to explicitly set them to true to enable them (PXP-10565/PPS-177 fix: exclude file nodes from chart with options data-portal#1208)
  • this change assumes WTS is already a core/central service. The dependency is hereby moved to the homepage (instead of the ./workspace page) (Centralize WTS refresh token initialization data-portal#1095)
• sheepdog
  • Sheepdog does not rely on configuration files in the cloud-automation repository anymore. The Sheepdog configuration files are in the Sheepdog repository. (PXP-6245 PXP-9633 Poetry + Python 3.9 sheepdog#387)

Breaking changes

• arborist
  • The GET /auth/mapping endpoint does not accept username as a query parameter anymore. It only supports parsing the username from the provided JWT. To specify a username, use the POST /auth/mapping endpoint. (PXP-10229 Client auth mapping arborist#153)
• indexd
  • Ensure you are using Fence>=2021.10. Remove deprecated GA4GH access endpoints. these have existed (and been used) from the Fence microservice since last year. See cloud automation change here (Revert "Revert "fix(migrate): improve acl->authz migration, remove de… indexd#338)