Merge pull request #282 from developmentseed/develop

V 1.0.0

.env.sample

@@ -5,7 +5,7 @@
 STACKNAME=nasa-apt-dev
 
 # s3 endpoint (for local dev environment)
-S3_ENDPOINT=http://localstack:4572
+S3_ENDPOINT=http://localstack:4566
 
 # s3 bucket name for pdf serialization cache. used by cloudformation/deploy.sh and by docker-compose.yml
 PDFS_S3_BUCKET=nasa-apt-dev-pdfs
@@ -15,3 +15,23 @@ FIGURES_S3_BUCKET=nasa-apt-dev-figures
 
 # postgrest api
 REST_API_ENDPOINT=http://rest-api:3000
+
+# url for database
+DBURL=postgres://masteruser:password@db:5432/nasadb
+
+# url for elasticsearch
+ELASTICURL=http://localhost:9200
+
+# url for FastApi
+FASTAPI_HOST=http://localhost:8000
+
+# Frontend Url used to set CORS origin for FastAPI
+APT_FRONTEND_URL=http://nasa-apt-eltest-application.s3-website-us-east-1.amazonaws.com
+
+# url for SAML IDP metadata
+# IDP_METADATA_URL=https://dbspatial.us.auth0.com/samlp/metadata/vEJRZ0X6OtSMzkhBqIUMM62KDJhSNyG3
+# IDP_METADATA_URL=https://auth.launchpad-sbx.nasa.gov/unauth/metadata/launchpad-sbx.idp.xml
+# IDP_METADATA_URL=mock # Setting IDP_METADATA_URL=mock will bypass use of an idp server and will allow anyone to log in by going to  /saml/sso
+
+# Note: If the JWT_SECRET isn't sufficiently long, postgrest may complain
+JWT_SECRET=lksdjlkasjasdlkjasdlkjfdlasdfkkllkjasdfhlksdjlkasdjasdlkjasdlkjsdflkjwelkwejrlkrjwlkwejlwekjrwelkrjewlkrjwelkrj

.gitignore

@@ -6,3 +6,4 @@ ecs/tex/Misc Test Files
 venv
 .env
 .resources
+.vscode

README.md

@@ -1,23 +1,21 @@
 # nasa-apt
 
-**Version:** 0.3.0
+**Version:** 1.0.0
 
 ## Local development
 Code and issues relevant to the NASA APT project
 
-[![CircleCI](https://circleci.com/gh/developmentseed/nasa-apt/tree/develop.svg?style=svg&circle-token=ffc901ab7ce00ffa5cef07cce59ff64a2c635d2b)](https://circleci.com/gh/developmentseed/nasa-apt/tree/develop)
-
 The project API is built using [Postgrest](https://github.com/PostgREST/postgrest).
 
 The startserver script uses `docker-compose` to build and run the development environment and
-sample database: 
+sample database:
 
 ```shell script
 ./startserver.sh
 ```
 
 This will create a complete development environment with an instance of the DB, the REST API, `localstack` for s3, and
-the PDF serialization service.
+the FastAPI Search / PDF serialization service.
 
 - The Swagger API documentation is accessible via [http://localhost:8080](http://localhost:8080).
 - The REST API is accessible via [http://localhost:3000](http://localhost:3000).
@@ -58,29 +56,28 @@ cd cloudformation
 ```
 
 You will be prompted for a stack name and a master db password.  The current
-stacks are `nasa-aptv2-staging` and `nasa-aptv2-production`.
+stack is `nasa-apt-v5-prod`
 
 After the stack has been successfully deployed you can create the database tables.
-You will need an installation of the `psql` command line client.  
+You will need an installation of the `psql` command line client.
 
-You will also need to update the RDS instance's security policy to allow inbound traffic from the IP address of the machine where you 
+You will also need to update the RDS instance's security policy to allow inbound traffic from the IP address of the machine where you
 are executing the deployment. (see Resources | DBInstance | Security and Network | Security Groups |
-Edit inbound rules | Custom TCP, Port 5432, My IP). 
+Edit inbound rules | Custom TCP, Port 5432, My IP).
 
 To create the schema and tables in the AWS RDS from the project root run
 ```shell script
 cd db
 ./sqitch deploy --verify db:pg://{yourmasteruser}:{yourmasterpassword}@{yourRDSendpoint}:5432/nasadb
 ```
 
-Because of PostgREST's schema reloading [model](http://postgrest.org/en/v5.2/admin.html#schema-reloading) some 
-underlying database changes may require a forced redeployment of the PostgREST ECS service to reflect the changes. (See Note in 
+Because of PostgREST's schema reloading [model](http://postgrest.org/en/v5.2/admin.html#schema-reloading) some
+underlying database changes may require a forced redeployment of the PostgREST ECS service to reflect the changes. (See Note in
 [Environments](#environments))
 
 ## Environments
 There are currently 2 environments defined for NASA-APT, which follow specific branches
-- Staging (`develop`): http://nasa-Publi-1UDVJHRLIQD2G-1353740340.us-east-1.elb.amazonaws.com
-- Production (`master`): http://nasa-Publi-1LGW8ZYHL7SF7-1834206210.us-east-1.elb.amazonaws.com
+- Production (`master`): https://apt.ds.io
 
 **Given that deployment is a manual process it is important that the environments are kept up to date after a merge to `master` or `develop`.**
 
@@ -94,20 +91,20 @@ Steps to deploy:
 
 ```shell script
 aws ecs update-service --force-new-deployment --cluster <cluster-id> --service <service-arn>
-# e.g. 
-aws ecs update-service --force-new-deployment --cluster stackname-ECSCluster-nWSsDVGj9NXS --service stackname-svc-pgr 
+# e.g.
+aws ecs update-service --force-new-deployment --cluster stackname-ECSCluster-nWSsDVGj9NXS --service stackname-svc-pgr
 # then wait until the service's desired count == the running count (this will take about 10 minutes)
 ```
 
-## Updating the PDF service
-The PDF generation service uses docker and it is stored on amazon ECR. During the first cloudformation deployment, the container is created and uploaded, but subsequent updates need to be performed manually.  
-We're currently using a single ECR repo (nasa-apt/prod/pdf) to store the container and it is shared between the production and staging environments.
+## Updating the FastAPI (PDF/Search) service
+The PDF generation service uses docker and it is stored on amazon ECR. During the first cloudformation deployment, the container is created and uploaded, but subsequent updates need to be performed manually.
+We're currently using a single ECR repo (nasa-apt/prod/fastapi) to store the container and it is shared between the production and staging environments.
 
 1) Build the container
 ```
-cd nasa-apt/pdf/
-# from the pdf/Readme
-docker build --target prod . -t nasa-apt/prod/pdf
+cd nasa-apt/fastapi/
+# from the fastapi/Readme
+docker build --target prod . -t nasa-apt/prod/fastapi
 ```
 2) Go to the [ECR page](https://us-east-1.console.aws.amazon.com/ecr/repositories?region=us-east-1), select the correct repo and click "View Push Commands".
 3) Follow steps 1, 3, and 4.
@@ -116,13 +113,16 @@ docker build --target prod . -t nasa-apt/prod/pdf
 aws ecs update-service --force-new-deployment --cluster <cluster> --service <service>
 ```
 
+## Notes
+The PDF serialization service supports unicode characters in text mode. The service uses the font `Latin Modern Math` which has a good coverage of unicode math symbols. See a list of symobls here: https://ctan.math.illinois.edu/macros/latex/contrib/unicode-math/unimath-symbols.pdf
+A symbol which is not covered by the font will be rendered as a blank space. Unicode characters used in LaTeX math mode will not be rendered.
 
 ## Releases
 
 **A new release should be created every time there's a merge to master.**
 
-Releases are tied to a version number and created manually using GH's releases page.  
-The version in this README should be increased according to [semver](https://semver.org/) and the release tag should follow the format `v<major>.<minor>.<patch>`, ex: `v2.0.1`.  
+Releases are tied to a version number and created manually using GH's releases page.
+The version in this README should be increased according to [semver](https://semver.org/) and the release tag should follow the format `v<major>.<minor>.<patch>`, ex: `v2.0.1`.
 The release description should have a [changelog](https://gist.github.com/vgeorge/e6fd828987b2f7d62a447df2bd132c4a) with "Features", "Improvements" and "Fixes".
 
 

cloudformation/README.txt

@@ -0,0 +1,18 @@
+Instructions for changing a Load Balancer to use HTTPS
+
+1) Deploy the stack using Cloudformation
+2) Find the Load Balancer for the stack at https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#LoadBalancers:sort=loadBalancerName
+3) Select the checkbox for the Load Balancer and check on the Listeners tab in the box at the bottom
+4) Click "Add listener"
+5) Select HTTPS 443
+6) Select "+ Add action" -> Forward to -> <stackname>-dummyTarget
+7) Select "From ACM" and "apt.ds.io - ..." under Default SSL Certificate
+8) Hit Save in the upper right and then the Back arrow next to Listeners in the upper left
+9) Back at the bottom, select view/edit rules under the entry you just created
+10) Click the + button then "+ Insert Rule"
+11) Add the following rules making sure they end up in this order:
+ - IF Path is /saml/* THEN Forward to <stackname>-tg-fastapi
+ - IF Path is /fastapi/* THEN Forward to <stackname>-tg-fastapi
+ - IF Path is /* THEN Forward to <stackname>-tg-pgr
+ 12) Go back to the list of  Listeners and then to the HTTP 80 view/edit rules Remove all but the dummy rule
+ 13) Have Olaf or someone with Route53 Permissions move apt.ds.io (or setup a new domain) to point to that load balancer