settings.yaml

enabled_features:
  redirect_legacy_api_urls:
    _DEFAULT: true
  s3_folders:
    _DEFAULT: false
    _HOST_dev: false
    _HOST_prod: false
    _HOST_alpha: false
  justice_auth:
    _DEFAULT: true
    _HOST_dev: true
    _HOST_test: true
    _HOST_prod: true
  cloud_platform_assume_role:
    _DEFAULT: true
    _HOST_dev: true
    _HOST_prod: true
    _HOST_alpha: true
  app_m2m_client:
    _DEFAULT: false
    _HOST_dev: true
    _HOST_prod: false
    _HOST_alpha: false

AWS_SERVICE_URL:
  _HOST_dev: "https://aws.services.dev.analytical-platform.service.justice.gov.uk"
  _HOST_alpha: "https://aws.services.analytical-platform.service.justice.gov.uk"
  _HOST_prod: "https://aws.services.analytical-platform.service.justice.gov.uk"

USER_GUIDANCE_BASE_URL: 'https://user-guidance.services.alpha.mojanalytics.xyz'

GOOGLE_ANALYTICS_ID:
  _HOST_dev: 'UA-151666116-4'
  _HOST_prod: 'UA-151666116-3'
  _HOST_alpha: 'UA-151666116-2'

# Helm repo where tool charts are hosted
HELM_REPO: 'mojanalytics'

HELM_REPOSITORY_CACHE: "/tmp/helm/cache/repository"

# The number of seconds helm should wait for helm delete to complete.
HELM_DELETE_TIMEOUT: 10

# domain where tools are deployed
TOOLS_DOMAIN:
  _DEFAULT: tools.dev.analytical-platform.service.justice.gov.uk
  _HOST_alpha: tools.analytical-platform.service.justice.gov.uk

KIBANA_BASE_URL: 'https://kibana.cloud-platform.service.justice.gov.uk/_plugin/kibana'

GRAFANA_BASE_URL: 'https://grafana.live.cloud-platform.service.justice.gov.uk'


# Name of S3 bucket where logs are stored
LOGS_BUCKET_NAME:
  _DEFAULT: 'moj-analytics-s3-logs-dev'
  _HOST_prod: 'moj-analytics-s3-logs'
  _HOST_alpha: 'moj-analytics-s3-logs'

BUCKET_REGION: 'eu-west-1'

# -- Airflow
AIRFLOW_REGION: "eu-west-1"

AWS_DEFAULT_REGION: "eu-west-1"

APP_DOMAIN_BEFORE_MIGRATION: apps.alpha.mojanalytics.xyz
APP_DOMAIN: apps.live.cloud-platform.service.justice.gov.uk

SLACK_CHANNEL: "#data-platform-notifications"


AWS_ROLES_MAP:
  DEFAULT: AWS_APP_ACCOUNT_ROLE
  USER:
    DEFAULT: AWS_APP_ACCOUNT_ROLE
    AWSROLE: AWS_APP_ACCOUNT_ROLE
    AWSBUCKET: AWS_APP_ACCOUNT_ROLE
    AWSPOLICY: AWS_APP_ACCOUNT_ROLE
    AWSSECRETMANAGER: AWS_APP_ACCOUNT_ROLE
  APP:
    DEFAULT: AWS_APP_ACCOUNT_ROLE
    AWSROLE: AWS_APP_ACCOUNT_ROLE
    AWSBUCKET: AWS_APP_ACCOUNT_ROLE
    AWSPOLICY: AWS_APP_ACCOUNT_ROLE
    AWSPARAMETERSTORE: AWS_APP_ACCOUNT_ROLE
    AWSSECRETMANAGER: AWS_APP_ACCOUNT_ROLE


CUSTOM_AUTH_CONNECTIONS: "auth0_nomis"

AUTH0_NOMIS_GATEWAY_URL: "https://testing.com"


BROADCAST_MESSAGE: >
  We are currently rolling out additional releases to Analytical Platform Tooling (Jupyter
  Lab All Spark, Jupyter Lab Data Science, and RStudio) that enables a new proxy (referred
  to as CDE NGINX). If you experience a 502 Bad Gateway when trying to open a tool, please
  deploy the CDE NGINX variant.


GITHUB_VERSION: "2022-11-28"


OTHER_SYSTEM_SECRETS:
  - ECR_
  - KUBE_

AUTH_SETTINGS_SECRETS:
  - AUTH0_CLIENT_ID
  - AUTH0_CLIENT_SECRET
  - IP_RANGES
  - APP_ROLE_ARN

AUTH_SETTINGS_NO_EDIT:
  - AUTH0_CLIENT_ID
  - AUTH0_CLIENT_SECRET
  - AUTH0_DOMAIN
  - AUTH0_PASSWORDLESS
  - APP_ROLE_ARN

AUTH_SETTINGS_ENVS:
  - AUTH0_DOMAIN
  - AUTHENTICATION_REQUIRED
  - AUTH0_PASSWORDLESS

SECRET_DISPLAY_VALUE: "*******"

AUTH0_CLIENT_NAME_PATTERN: "data-platform-app-{app_name}-{env}"

AUTH0_CLIENT_NAME_LIMIT: 31

APP_URL_NAME_PATTERN:
  DEFAULT: "{app_name}-{env}"
  PROD: "{app_name}"

# This prefix should prevent overlap with other secret/parameter names stored in GitHub
# It will be removed in the app deployment workflow so that users won't need to use it in their code
APP_SELF_DEFINE_SETTING_PREFIX: "XXX_"

S3_FOLDER_BUCKET_NAME:
  # TODO temp folder - update when real bucket has been created
  _DEFAULT: "dev-folder-migration-spike"
  _HOST_test: "test-folder-bucket"
  _HOST_dev: "dev-folder-migration-spike"


WORKER_HEALTH_FILENAME: "/tmp/worker_health.txt"
USE_LOCAL_MESSAGE_BROKER: false
BROKER_URL: "sqs://"