managed-care-review is configured using env vars.
Different env vars can be set in different environments [local dev, review apps, dev, staging, prod] to configure things differently. Environment variables are individually mapped in the deploy and promote GitHub workflows for use in deployments. If a new environment variable is added, it should be mapped there as well.
For local dev, we use .envrc and .envrc.local to set the appropriate environment variables. .envrc is loaded first, then .envrc.local, so if you need to set anything differently for your local environment you can set it in there. For more details, see the direnv docs.
Also, CreateReactApp only loads env vars that start with REACT_APP_, so any configuration that needs to be read by app-web must start that way.
Read by app-api, app-web and Cypress.
valid values: LOCAL, AWS_COGNITO, IDM
This tells the application how to perform authentication.
LOCAL means to use local auth. Make no requests to cognito; there is custom auth UI in app-web to pick a user. app-web then sends the user as a JSON blob in a header that serverless-offline dumps into the context of our lambda's execution.
AWS_COGNITO means to use AWS Cognito User Pools for auth. There is UI for creating and logging in with cognito in app-web, and app-api can fetch user information for those users using a cognito api as well.
IDM means to use CMS IDM as the auth provider. This is what is set in dev/val/prod. Users will be redirected to login in IDM and then redirected back to our site. Cognito will create users in a special Okta user pool and then everything will work the same as if you were authenticated with AWS_COGNITO above.
Read by app-web
valid values: A URL where app-api is running
This is the base URL that all requests are sent to from app-web
Read by app-api
- REACT_APP_COGNITO_REGION
- REACT_APP_COGNITO_ID_POOL_ID
- REACT_APP_COGNITO_USER_POOL_ID
- REACT_APP_COGNITO_USER_POOL_CLIENT_ID
- REACT_APP_COGNITO_USER_POOL_CLIENT_DOMAIN
These env vars configure cognito auth from the browser. They are ignored if REACT_APP_AUTH_MODE is set to LOCAL and thus are only set in deployed environments.
Read by app-web
valid values: A URL where a running app-web can be reached
It's used as the redirects for login by app-web when it configures login via IDM.
Read by app-api
Generated by ./scripts/app_version.sh as part of the build process, this is a short git hash of the running commit, with '-dirty' appended to it if it's not a clean git checkout.
Read by ui-auth
This is the metadata URL configured for reaching out to Okta auth. Required for IDM type auth.
Read by app-web
This is used for rudimentary feature flags, allowing us to switch things off and on based on deploy environment.
Read by app-api to securely pull secrets out of AWS Secrets Manager. Only set in AWS deployed environments, not used locally. This is the name of the secret to pull out of SM, which is scoped by review-app.
Read by app-api in configuring our connection to postgres. Required.
Must be set to a valid postgres:// url or the sentinel value of AWS_SM, in which case the correct values will be pulled out of AWS Secrets Manager (which requires SECRETS_MANAGER_SECRET to be set).
Read by app-web
- REACT_APP_S3_DOCUMENTS_BUCKET
The name of the bucket that documents are uploaded to as part of the state submission form.
- REACT_APP_S3_REGION
The region in AWS where the bucket is located. Cannot be set if REACT_APP_S3_LOCAL_URL is set.
- REACT_APP_S3_LOCAL_URL
The local URL where an s3 server is being run. Cannot be set if REACT_APP_S3_REGION is set.
Read by app-api
Determines which emailer to use, local or AWS SES emailer. Valid values are LOCAL or SES.
Read by app-api
Sets the "from" address for all emails sent by the system. This address must have been added to SES and validated there, in order to work.
Read by app-api
Sets the "to" addresses for generic emails sent to the shared CMS inbox (there may be multiple). Value is comma separated string.
Read by app-api
Sets additional "to" addresses for emails about packages that contain rates, sent to rate reviewers (there may be multiple). Value is comma separated string.
Read by app-api
A single email address, used in email bodies to indicate where a state user could go for help with any issues about the submission.
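The rules above (the three REACT_APP_AUTH_MODE values, the postgres:// URL or AWS_SM sentinel that requires SECRETS_MANAGER_SECRET, the mutually exclusive REACT_APP_S3_REGION / REACT_APP_S3_LOCAL_URL pair, and the comma-separated "to" address lists) as start-up checks, written as an added example rather than code from the managed-care-review repo; all function and type names are assumptions, and the checks take the raw values so no undocumented variable names are assumed.

```typescript
// Added example: fail-fast validation of the configuration rules documented above.
// Function and type names are assumptions, not the project's own API.

type AuthMode = "LOCAL" | "AWS_COGNITO" | "IDM";

// REACT_APP_AUTH_MODE must be exactly one of the three documented values.
function parseAuthMode(value: string | undefined): AuthMode {
  if (value === "LOCAL" || value === "AWS_COGNITO" || value === "IDM") return value;
  throw new Error(`REACT_APP_AUTH_MODE must be LOCAL, AWS_COGNITO or IDM, got ${JSON.stringify(value)}`);
}

// The postgres setting is either a postgres:// URL or the sentinel AWS_SM; the
// sentinel is only valid when SECRETS_MANAGER_SECRET names the secret to fetch.
type DatabaseSource =
  | { kind: "url"; url: string }
  | { kind: "secretsManager"; secretName: string };

function resolveDatabaseSource(dbSetting: string | undefined, secretsManagerSecret: string | undefined): DatabaseSource {
  if (!dbSetting) throw new Error("postgres connection setting is required");
  if (dbSetting === "AWS_SM") {
    if (!secretsManagerSecret) throw new Error("AWS_SM requires SECRETS_MANAGER_SECRET to be set");
    return { kind: "secretsManager", secretName: secretsManagerSecret };
  }
  if (!dbSetting.startsWith("postgres://")) throw new Error("postgres setting must be a postgres:// url or AWS_SM");
  return { kind: "url", url: dbSetting };
}

// REACT_APP_S3_REGION and REACT_APP_S3_LOCAL_URL cannot both be set; exactly one is needed.
function resolveS3Endpoint(region: string | undefined, localUrl: string | undefined): { region?: string; localUrl?: string } {
  if (region && localUrl) throw new Error("set REACT_APP_S3_REGION or REACT_APP_S3_LOCAL_URL, not both");
  if (!region && !localUrl) throw new Error("one of REACT_APP_S3_REGION or REACT_APP_S3_LOCAL_URL is required");
  return region ? { region } : { localUrl: localUrl as string };
}

// Comma-separated "to" lists: trim entries, drop empties, reject anything that is not an address.
function parseEmailList(value: string): string[] {
  const addrs = value.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
  for (const a of addrs) {
    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(a)) throw new Error(`malformed email address: ${a}`);
  }
  return addrs;
}
```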
Read by CI for deploys, add_cypress_test_users.ts, ./dev local web --hybrid
Configures the secrets necessary to interact with AWS services. Can be generated by CloudTamer for local use.
Read by app-web
Used in dev/val/prod to set https certs and host names
Read by app-api, postgres, ui-auth and uploads.
Much of our infra sits inside this permissions boundary.
Read by Slack Alert Notifier
This is the webhook URL for sending alerts to our alerts channel
Read by the Create Test Users action and Cypress in AWS_COGNITO mode
This is how we set the test users' password configured for all review apps.
Read by the create deployment CI task, Cypress
This is an auth token provided by GH in Actions that allows CI to make calls to the GH API.
Read by Cypress in CI
This is the key used by Cypress to send results to Cypress Dashboard.
Read by codeclimate-action
This key allows uploads to CodeClimate for our code coverage stats.
Read by Trace Context
This URL defines where we export traces to. It should differ between local dev and deployed environments.