From 48922e2dfcfe812276ee47f02bf19c68b23da479 Mon Sep 17 00:00:00 2001 From: moschi <3644762+moschetti@users.noreply.github.com> Date: Wed, 7 Apr 2021 14:40:26 -0700 Subject: [PATCH 01/28] Update deployment docs for xpnAdmin --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index 42a6ce1a96..6f3c099896 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -88,7 +88,7 @@ The deployment process takes the following approach: 1. Confirm you have access to a user account with the following Cloud IAM roles: - `roles/resourcemanager.folderAdmin` for the folder you created - `roles/resourcemanager.projectCreator` for the folder you created - - `roles/compute.xpnAdmin` for the folder you created + - `roles/compute.xpnAdmin` for the organization (note, this permission must be at the organization level not the folder level) - `roles/billing.admin` for the billing account that you will use 1. Use the [groups manager](https://console.cloud.google.com/identity/groups) to [create](https://support.google.com/a/answer/33343?hl=en) the following administrative [IAM](https://cloud.google.com/iam/docs/overview#concepts_related_identity) groups that will be used during deployment: From dca924e66941bebcfb2bdccbae0865723cd09e18 Mon Sep 17 00:00:00 2001 From: moschi <3644762+moschetti@users.noreply.github.com> Date: Wed, 7 Apr 2021 14:47:06 -0700 Subject: [PATCH 02/28] Update whats-new.md for 2.0.4 --- documentation/whats-new.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/documentation/whats-new.md b/documentation/whats-new.md index 3766c9897f..6e064d0fa7 100644 --- a/documentation/whats-new.md +++ b/documentation/whats-new.md @@ -7,6 +7,11 @@ > Subscribe to [mystudies-announce@googlegroups.com](https://groups.google.com/g/mystudies-announce/) to receive release notifications and announcements +# Release 2.0.4 +* Upgrade to newer - HTTP/2-based Apple Push Notification service (APNs) [#3417](https://github.com/GoogleCloudPlatform/fda-mystudies/issues/3364) +* Fix app container build issue [#3409](https://github.com/GoogleCloudPlatform/fda-mystudies/issues/3409) +* Update deployment instructions for Shared VPC Admin + # Release 2.0.3 * Added [database migration tools](/db-migration/README.md) using Flyway to support upgrades * Added [API documentation](/documentation/API/README.md) using Swagger libraries From ef593932947714d107b25b7509940d24736ed66d Mon Sep 17 00:00:00 2001 From: Haris Hasan <69199888+harisboston@users.noreply.github.com> Date: Mon, 12 Jul 2021 15:35:57 +0530 Subject: [PATCH 03/28] Fixed 3173 https://github.com/GoogleCloudPlatform/fda-mystudies/issues/3173 --- deployment/scripts/create_study_builder_superadmin.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/scripts/create_study_builder_superadmin.sh b/deployment/scripts/create_study_builder_superadmin.sh index fdeec48789..1bf12838b3 100755 --- a/deployment/scripts/create_study_builder_superadmin.sh +++ b/deployment/scripts/create_study_builder_superadmin.sh @@ -42,9 +42,9 @@ ACCESS_CODE=`cat /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | fold -w 6 | head -n 1 # e.g. 2018-01-18 14:36:41 DATETIME=`date +"%F %T"` if [[ "$OSTYPE" == "darwin"* ]]; then -EXPIRY_DATETIME=`date -v -90d +"%F %T"` +EXPIRY_DATETIME=`date -v -91d +"%F %T"` else # linux -EXPIRY_DATETIME=`date -d -90days +"%F %T"` +EXPIRY_DATETIME=`date -d -91days +"%F %T"` fi echo "DELETE FROM user_permission_mapping WHERE user_id=1;" >> ${TMPFILE} From 9f62083041471af892910d1838c7d89de03289d2 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 12 Oct 2021 17:30:33 +0530 Subject: [PATCH 04/28] Update README.md --- deployment/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index 667925f415..9bac1c3d25 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -256,7 +256,6 @@ The deployment process takes the following approach: gsutil cp \ ${GIT_ROOT}/study-builder/sqlscript/* \ ${GIT_ROOT}/response-datastore/sqlscript/mystudies_response_server_db_script.sql \ - ${GIT_ROOT}/participant-datastore/sqlscript/mystudies_app_info_update_db_script.sql \ ${GIT_ROOT}/participant-datastore/sqlscript/mystudies_participant_datastore_db_script.sql \ ${GIT_ROOT}/auth-server/sqlscript/mystudies_oauth_server_hydra_db_script.sql \ ${GIT_ROOT}/hydra/sqlscript/create_hydra_db_script.sql \ From b323b39fc6833f76c0804b24d347dbe6c1c4e415 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 12 Oct 2021 18:16:25 +0530 Subject: [PATCH 05/28] Update mystudies.hcl --- deployment/mystudies.hcl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/deployment/mystudies.hcl b/deployment/mystudies.hcl index 24473046fe..e675c9e0c2 100644 --- a/deployment/mystudies.hcl +++ b/deployment/mystudies.hcl @@ -996,12 +996,6 @@ data "google_secret_manager_secret_version" "secrets" { "manual-terms-url", "manual-privacy-url", "manual-fcm-api-url", - "manual-mobile-app-appid", - "manual-android-bundle-id", - "manual-android-server-key", - "manual-ios-bundle-id", - "manual-ios-certificate", - "manual-ios-certificate-password", "manual-ios-deeplink-url", "manual-android-deeplink-url", "auto-auth-server-encryptor-password", From c5faddff7cb343d5a88b129c36604644244e891c Mon Sep 17 00:00:00 2001 From: Rashi-395 Date: Mon, 18 Oct 2021 11:37:48 +0530 Subject: [PATCH 06/28] #4217 --- .../app-details/app-details.component.html | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/participant-manager/src/app/site-coordinator/apps/app-details/app-details.component.html b/participant-manager/src/app/site-coordinator/apps/app-details/app-details.component.html index 967cd1385d..b2b7458bd7 100644 --- a/participant-manager/src/app/site-coordinator/apps/app-details/app-details.component.html +++ b/participant-manager/src/app/site-coordinator/apps/app-details/app-details.component.html @@ -17,7 +17,6 @@
From 6c627785b9e94fe4e6200686b4ea52654948f9f1 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 19:55:12 +0530 Subject: [PATCH 07/28] Update README.md --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index 9bac1c3d25..db3114fc97 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -339,7 +339,7 @@ The deployment process takes the following approach: `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` - `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` + `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or you have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` `manual-mystudies-smtp-use-ip-allowlist` | Typically ‘false’; if ‘true’, the platform will not authenticate to the email server and will rely on the allowlist configured in the SMTP service | Set this value to `true` or `false` now (you can update it later) | `echo -n "false" \| gcloud secrets versions add "manual-mystudies-smtp-use-ip-allowlist" --data-file=-` From 03fc028e78b78caa47f49ac6af0d7a60d5c9d186 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 19:58:40 +0530 Subject: [PATCH 08/28] Update README.md --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index db3114fc97..e42af20e07 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -339,7 +339,7 @@ The deployment process takes the following approach: `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` - `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or you have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` + `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` `manual-mystudies-smtp-use-ip-allowlist` | Typically ‘false’; if ‘true’, the platform will not authenticate to the email server and will rely on the allowlist configured in the SMTP service | Set this value to `true` or `false` now (you can update it later) | `echo -n "false" \| gcloud secrets versions add "manual-mystudies-smtp-use-ip-allowlist" --data-file=-` From b5f9b42c2e22598e5b3276aa10082c3133fd9141 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 20:22:37 +0530 Subject: [PATCH 09/28] Update README.md --- deployment/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index e42af20e07..786fa3cdbc 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -338,7 +338,6 @@ The deployment process takes the following approach: --------------------------|-------------------|----------------------|------------------- `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` - `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` From f32d479e575d0d3952ddbaa9f6a5bf600ded84b6 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 20:27:22 +0530 Subject: [PATCH 10/28] Update mystudies.hcl --- deployment/mystudies.hcl | 5 ----- 1 file changed, 5 deletions(-) diff --git a/deployment/mystudies.hcl b/deployment/mystudies.hcl index e675c9e0c2..a7d995afd7 100644 --- a/deployment/mystudies.hcl +++ b/deployment/mystudies.hcl @@ -135,9 +135,6 @@ template "project_secrets" { { secret_id = "manual-mystudies-from-email-address" }, - { - secret_id = "manual-mystudies-contact-email-address" - }, { secret_id = "manual-mystudies-from-email-domain" }, @@ -986,7 +983,6 @@ data "google_secret_manager_secret_version" "secrets" { [ "manual-mystudies-email-address", "manual-mystudies-email-password", - "manual-mystudies-contact-email-address", "manual-mystudies-from-email-address", "manual-mystudies-from-email-domain", "manual-mystudies-smtp-hostname", @@ -1122,7 +1118,6 @@ resource "kubernetes_secret" "email_credentials" { data = { email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-address"].secret_data email_password = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-password"].secret_data - contact_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-contact-email-address"].secret_data from_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-address"].secret_data from_email_domain = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-domain"].secret_data smtp_hostname = data.google_secret_manager_secret_version.secrets["manual-mystudies-smtp-hostname"].secret_data From 3f3df76e883832710f759780a817a336e806c1d8 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 20:31:16 +0530 Subject: [PATCH 11/28] Update main.tf --- deployment/terraform/kubernetes/main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployment/terraform/kubernetes/main.tf b/deployment/terraform/kubernetes/main.tf index 12f5b88413..59db668cb1 100644 --- a/deployment/terraform/kubernetes/main.tf +++ b/deployment/terraform/kubernetes/main.tf @@ -87,7 +87,6 @@ data "google_secret_manager_secret_version" "secrets" { [ "manual-mystudies-email-address", "manual-mystudies-email-password", - "manual-mystudies-contact-email-address", "manual-mystudies-from-email-address", "manual-mystudies-from-email-domain", "manual-mystudies-smtp-hostname", @@ -223,7 +222,6 @@ resource "kubernetes_secret" "email_credentials" { data = { email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-address"].secret_data email_password = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-password"].secret_data - contact_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-contact-email-address"].secret_data from_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-address"].secret_data from_email_domain = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-domain"].secret_data smtp_hostname = data.google_secret_manager_secret_version.secrets["manual-mystudies-smtp-hostname"].secret_data From 8c960ffe48489bcc5690cce4940e7cf2beea7bc1 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 18 Oct 2021 20:34:01 +0530 Subject: [PATCH 12/28] Update main.tf --- deployment/terraform/example-dev-secrets/main.tf | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/deployment/terraform/example-dev-secrets/main.tf b/deployment/terraform/example-dev-secrets/main.tf index 15d6db41b4..974b05c31f 100644 --- a/deployment/terraform/example-dev-secrets/main.tf +++ b/deployment/terraform/example-dev-secrets/main.tf @@ -151,22 +151,6 @@ resource "google_secret_manager_secret" "manual_mystudies_from_email_address" { } -resource "google_secret_manager_secret" "manual_mystudies_contact_email_address" { - provider = google-beta - - secret_id = "manual-mystudies-contact-email-address" - project = module.project.project_id - - replication { - user_managed { - replicas { - location = "us-central1" - } - } - } -} - - resource "google_secret_manager_secret" "manual_mystudies_from_email_domain" { provider = google-beta From d5c4e380686dc91fc31b4a347c649f23dc2f8fb5 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 21:15:35 +0530 Subject: [PATCH 13/28] Update README.md --- deployment/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/README.md b/deployment/README.md index 786fa3cdbc..e42af20e07 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -338,6 +338,7 @@ The deployment process takes the following approach: --------------------------|-------------------|----------------------|------------------- `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` + `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` From 8d98ccd9fc0a47d842d94295d8e6340b3230e9c0 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 21:18:46 +0530 Subject: [PATCH 14/28] Update main.tf --- deployment/terraform/example-dev-secrets/main.tf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/deployment/terraform/example-dev-secrets/main.tf b/deployment/terraform/example-dev-secrets/main.tf index 974b05c31f..7714c6ed8f 100644 --- a/deployment/terraform/example-dev-secrets/main.tf +++ b/deployment/terraform/example-dev-secrets/main.tf @@ -151,6 +151,22 @@ resource "google_secret_manager_secret" "manual_mystudies_from_email_address" { } +resource "google_secret_manager_secret" "manual_mystudies_contact_email_address" { + provider = google-beta + + secret_id = "manual-mystudies-contact-email-address" + project = module.project.project_id + + replication { + user_managed { + replicas { + location = "us-central1" + } + } + } +} + + resource "google_secret_manager_secret" "manual_mystudies_from_email_domain" { provider = google-beta From 9f1ffc647ff7f71d24d6ba2e375d96a6a7f7a309 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 21:20:29 +0530 Subject: [PATCH 15/28] Update main.tf --- deployment/terraform/kubernetes/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/terraform/kubernetes/main.tf b/deployment/terraform/kubernetes/main.tf index 59db668cb1..12f5b88413 100644 --- a/deployment/terraform/kubernetes/main.tf +++ b/deployment/terraform/kubernetes/main.tf @@ -87,6 +87,7 @@ data "google_secret_manager_secret_version" "secrets" { [ "manual-mystudies-email-address", "manual-mystudies-email-password", + "manual-mystudies-contact-email-address", "manual-mystudies-from-email-address", "manual-mystudies-from-email-domain", "manual-mystudies-smtp-hostname", @@ -222,6 +223,7 @@ resource "kubernetes_secret" "email_credentials" { data = { email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-address"].secret_data email_password = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-password"].secret_data + contact_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-contact-email-address"].secret_data from_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-address"].secret_data from_email_domain = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-domain"].secret_data smtp_hostname = data.google_secret_manager_secret_version.secrets["manual-mystudies-smtp-hostname"].secret_data From 6b526155fa87f320e172cf5513f4f7543a76dd4c Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 21:24:41 +0530 Subject: [PATCH 16/28] Update mystudies.hcl --- deployment/mystudies.hcl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deployment/mystudies.hcl b/deployment/mystudies.hcl index a7d995afd7..1a679bbe79 100644 --- a/deployment/mystudies.hcl +++ b/deployment/mystudies.hcl @@ -135,6 +135,9 @@ template "project_secrets" { { secret_id = "manual-mystudies-from-email-address" }, + { + secret_id = "manual-mystudies-contact-email-address" + }, { secret_id = "manual-mystudies-from-email-domain" }, @@ -983,6 +986,7 @@ data "google_secret_manager_secret_version" "secrets" { [ "manual-mystudies-email-address", "manual-mystudies-email-password", + "manual-mystudies-contact-email-address", "manual-mystudies-from-email-address", "manual-mystudies-from-email-domain", "manual-mystudies-smtp-hostname", @@ -1118,6 +1122,7 @@ resource "kubernetes_secret" "email_credentials" { data = { email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-address"].secret_data email_password = data.google_secret_manager_secret_version.secrets["manual-mystudies-email-password"].secret_data + contact_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-contact-email-address"].secret_data from_email_address = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-address"].secret_data from_email_domain = data.google_secret_manager_secret_version.secrets["manual-mystudies-from-email-domain"].secret_data smtp_hostname = data.google_secret_manager_secret_version.secrets["manual-mystudies-smtp-hostname"].secret_data From 7a26802b6e60f0ad9e764bb3d9ecf076b62e5bcc Mon Sep 17 00:00:00 2001 From: mohank Date: Tue, 19 Oct 2021 16:03:02 +0000 Subject: [PATCH 17/28] format --- deployment/terraform/example-dev-secrets/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/terraform/example-dev-secrets/main.tf b/deployment/terraform/example-dev-secrets/main.tf index 7714c6ed8f..15d6db41b4 100644 --- a/deployment/terraform/example-dev-secrets/main.tf +++ b/deployment/terraform/example-dev-secrets/main.tf @@ -166,7 +166,7 @@ resource "google_secret_manager_secret" "manual_mystudies_contact_email_address" } } - + resource "google_secret_manager_secret" "manual_mystudies_from_email_domain" { provider = google-beta From 7c5e53f36bc4886bad042a2e6a0d1bf2121e0d22 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 22:41:44 +0530 Subject: [PATCH 18/28] Update README.md --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index e42af20e07..a8fd30f354 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -339,7 +339,7 @@ The deployment process takes the following approach: `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` - `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be alias to `manual-mystudies-email-address` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` + `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be an alias of manual-mystudies-email-address. Alternaitvely, provide the same email as manual-mystudies-email-address here as well.` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` `manual-mystudies-smtp-use-ip-allowlist` | Typically ‘false’; if ‘true’, the platform will not authenticate to the email server and will rely on the allowlist configured in the SMTP service | Set this value to `true` or `false` now (you can update it later) | `echo -n "false" \| gcloud secrets versions add "manual-mystudies-smtp-use-ip-allowlist" --data-file=-` From 15efb7828b4c1a7faf528668cfa95700ad214264 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 22:43:51 +0530 Subject: [PATCH 19/28] Update README.md --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index a8fd30f354..bf57c54918 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -339,7 +339,7 @@ The deployment process takes the following approach: `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` - `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be an alias of manual-mystudies-email-address. Alternaitvely, provide the same email as manual-mystudies-email-address here as well.` or We have to use the same `manual-mystudies-email-address` value | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` + `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be an alias of manual-mystudies-email-address. Alternaitvely, provide the same email as manual-mystudies-email-address here as well | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` `manual-mystudies-smtp-use-ip-allowlist` | Typically ‘false’; if ‘true’, the platform will not authenticate to the email server and will rely on the allowlist configured in the SMTP service | Set this value to `true` or `false` now (you can update it later) | `echo -n "false" \| gcloud secrets versions add "manual-mystudies-smtp-use-ip-allowlist" --data-file=-` From 0c3a590ec539167eeef2c6236ec7951fa799ae16 Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Tue, 19 Oct 2021 22:46:45 +0530 Subject: [PATCH 20/28] Update README.md --- deployment/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/README.md b/deployment/README.md index bf57c54918..d43ccabb0c 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -339,7 +339,7 @@ The deployment process takes the following approach: `manual-mystudies-email-address` | The login of the email account you want MyStudies to use to send system-generated emails | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-address" --data-file=-` `manual-mystudies-email-password` | The password for that email account | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-email-password" --data-file=-` `manual-mystudies-contact-email-address` | The email address that the in-app contact and feedback forms will send messages to | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-contact-email-address" --data-file=-` - `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be an alias of manual-mystudies-email-address. Alternaitvely, provide the same email as manual-mystudies-email-address here as well | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` + `manual-mystudies-from-email-address` | The return email address that is shown is system-generated messages (for example, `no-reply@example.com`) This email should be an alias of `manual-mystudies-email-address`. Alternaitvely, provide the same email as `manual-mystudies-email-address` here as well | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-address" --data-file=-` `manual-mystudies-from-email-domain` | The domain of the above email address (just the value after “@”) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-from-email-domain" --data-file=-` `manual-mystudies-smtp-hostname` | The hostname for your email account’s SMTP server (for example, `smtp.gmail.com`) | Set this value now or enter a placeholder | `echo -n "" \| gcloud secrets versions add "manual-mystudies-smtp-hostname" --data-file=-` `manual-mystudies-smtp-use-ip-allowlist` | Typically ‘false’; if ‘true’, the platform will not authenticate to the email server and will rely on the allowlist configured in the SMTP service | Set this value to `true` or `false` now (you can update it later) | `echo -n "false" \| gcloud secrets versions add "manual-mystudies-smtp-use-ip-allowlist" --data-file=-` From 2ad0ec6940308dbf3df111478d0a3966999068b7 Mon Sep 17 00:00:00 2001 From: andrew moschetti Date: Wed, 20 Oct 2021 14:29:02 -0700 Subject: [PATCH 21/28] Update documentation for 2.0.8 --- deployment/README.md | 90 +++++++++++++++++++++++++++++++++++++- documentation/whats-new.md | 9 ++++ iOS/README.md | 6 ++- 3 files changed, 102 insertions(+), 3 deletions(-) diff --git a/deployment/README.md b/deployment/README.md index d43ccabb0c..7a673b6da0 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -444,12 +444,23 @@ The deployment process takes the following approach: 1. Navigate your browser to `studies.{PREFIX}-{ENV}.{DOMAIN}/studybuilder/` (the trailing slash is necessary) and use the account credentials that you created with the `create_study_builder_superadmin.sh` script to log into the [`Study builder`](/study-builder/) user interface 1. Change your password, then create any additional administrative accounts that you might need -1. Create a new study with the `App ID` that you set in the `manual-mobile-app-appid` secret, or choose a new `App ID` that you will update `manual-mobile-app-appid` with -1. Publish your study to propagate your study values to the other platform components +1. Create a new app record in the Apps section. Read more about creating and managing apps in the next section. +1. Create a new study in the Studies section and associate it with the app you want it to appear in. +1. Publish your study to propagate your study values to the other platform components. 1. Navigate your browser to `participants.{PREFIX}-{ENV}.{DOMAIN}/participant-manager/` (the trailing slash is necessary), then use the account credentials that you created with the `create_participant_manager_superadmin.sh` script to log into the [`Participant manager`](/participant-manager/) user interface (if the `Participant Manager` application fails to load, confirm you are using `https` - this deployment requires `https` to be fully operational) 1. You will be asked to change your password; afterwards you can create any additional administrative accounts that you might need 1. Confirm your new study is visible in the `Participant manager` interface +### Manage apps in the Study Builder +1. You can use the `Apps` section in the Study Builder to create and manage multiple mobile apps running off a single deployment of the platform. +1. Start by creating a new app record by filling out the required fields. +1. Once an app record is created, studies can be mapped to it in the Studies section. +1. To start testing an app, fill out additional required app configurations in the Study Builder, and `publish` the app to propagate the app’s properties to other platform components that need them. Confirm your app is visible in the Participant manager interface. If you are testing out a new version of an app which already exists in the app stores, ensure you retain current app version information in the Developer Configurations section for as long as you are testing the app. +1. Once the app is tested and ready to go to the app stores, update or finalize these app properties to correspond to the app store version of the app that will go live, and publish the latest values, again using the `Publish App` action. If you are pushing out a new version of an existing app to the app stores, and wish to enforce an app update, make sure you set the `Force upgrade` field to `No` initially, until your app is approved and available to end users in the app stores, and update it to `Yes` only after that and publish the app again. +1. Once the app is live, also mark the app as `distributed` to prevent inadvertent changes to key configurations that drive your live app. +1. Barring these few key configurations, most other app properties can be updated after the app is live. +1. Note: Any from email addresses that you configure in the app’s properties must be an [alias](https://support.google.com/mail/answer/22370) of the `manual-mystudies-email-address` that is configured in the Secret Manager as part of the platform deployment process. If an alias is not available, please use the same email here. [This Github issue](https://github.com/GoogleCloudPlatform/fda-mystudies/issues/4104) has additional detail on the alias requirements. + ### Clean up 1. Remove your user account from the groups you no longer need access to @@ -587,5 +598,80 @@ To add the bucket to the shared secrets, create a new working branch and make th -f $GIT_ROOT/study-builder/tf-deployment.yaml ``` +### Managing apps (2.0.8 upgrade) + +Release 2.0.8 added functionality to support managing mobile apps in the deployment with the Study Builder interface. This requires that apps that are running in existing deployments must be updated (and new versions published to the app stores) if the deployment is being upgraded to 2.0.8 or greater. + +#### Required steps when upgrading to 2.0.8 or greater + +When upgrading a prior release to 2.0.8 or greater, you will need to perform the following steps to continue to support existing apps. + +1. Take the latest code and generate the mobile app build following the latest iOS and Android app build and deployment instructions given in the repo. Ensure you use the same App ID as before. +1. Sign in to the Study Builder and create an app record that has the exact same App ID that you have been using for your app. Ensure that you choose the correct app settings as well as applicable to your live app (gateway or standalone type of app, platform(s) that need to be supported etc.) +1. Cross-check if all the studies that belong to the app, are mapped to this app in their respective study creation sections. +1. In the newly created app record, fill out all the required app properties and configurations corresponding to the test mode of the app and publish the app. Ensure you have entered the currently existing app’s version information in the Developer Configurations section. +1. Test out your newly generated app with these configurations. +1. After the new version of the app is tested and ready to go to the app stores, revisit the Study Builder, and update all the required app properties and developer configurations to correspond to the app store version of the app that will go live, and publish the app again. Ensure you have chosen No for the `Force upgrade?` fields at this point. +1. Now upload the new build of the mobile app to the app stores as the next version of the existing app. +1. Once your app is approved by the app stores and is live, revisit the Study Builder and set `Force upgrade?` to Yes and publish the app. This will ensure that all app users get prompted to update their apps to the new version when they open the existing apps on their phone. +1. As a last step, mark your app as `distributed` in the Study Builder. + +#### Changes to iOS push notifications in 2.0.8 or greater + +This release uses Firebase Cloud Messaging (FCM) for push notifications for the iOS app. Follow the step `Configure Firebase Cloud Messaging (FCM) for push notifications` in the [iOS Configuration Instructions](/iOS/README.md#configuration-instructions) to set up FCM for iOS. Note that the server key generated here is to be entered into the developer configurations section of the app in the Study builder. + +#### Changes to secrets when upgrading to 2.0.8 or greater + +The following secrets which were in earlier versions are no longer being used as of 2.0.8: +- `manual-android-bundle-id` +- `manual-android-server-key` +- `manual-ios-bundle-id` +- `manual-ios-certificate` +- `manual-ios-certificate-password` +- `manual-mobile-app-appid` + +These secrets can be deleted from your deployment with the following steps. However, make sure you have a record of them handy before deleting, as these need to be updated in the Study Builder interface when [managing the apps](#manage-apps-in-the-study-builder) + +1. Update your repository with the latest changes from release 2.0.8 or greater, create a new working branch and make the following changes: +1. In the `deployment/terraform/kubernetes/main.tf` file, find the section `# Data sources from Secret Manager` and remove the following lines: + - `manual-android-bundle-id` + - `manual-android-server-key` + - `manual-ios-bundle-id` + - `manual-ios-certificate` + - `manual-ios-certificate-password` + - `manual-mobile-app-appid` +1. In the file `deployment/terraform/{prefix}-{env}-secret/main.tf`, remove the following resources: + - ``` + resource "google_secret_manager_secret" "manual_mobile_app_appid" { + [...] + } + ``` + - ``` + resource "google_secret_manager_secret" "manual_android_bundle_id" { + [...] + } + ``` + - ``` + resource "google_secret_manager_secret" "manual_android_server_key" { + [...] + } + ``` + - ``` + resource "google_secret_manager_secret" "manual_ios_bundle_id" { + [...] + } + ``` + - ``` + resource "google_secret_manager_secret" "manual_ios_certificate" { + [...] + } + ``` + - ``` + resource "google_secret_manager_secret" "manual_ios_certificate_password" { + [...] + } + ``` + + ***

Copyright 2020 Google LLC

diff --git a/documentation/whats-new.md b/documentation/whats-new.md index 1c52c202ca..65f4dd59ec 100644 --- a/documentation/whats-new.md +++ b/documentation/whats-new.md @@ -7,6 +7,15 @@ > Subscribe to [mystudies-announce@googlegroups.com](https://groups.google.com/g/mystudies-announce/) to receive release notifications and announcements +# Release 2.0.8 +* Note: This release requires users to update to new versions of the mobile apps from the app stores. +* Added functionality to manage apps using the Study Builder interface. Read more about setting up apps [here](/deployment/README.md#manage-apps-in-the-study-builder) +* Upgrading to 2.0.8 requires following [these steps](/deployment/README.md#managing-apps-208-upgrade) +* Added the ability to notify app users when an app update is required +* Changed iOS push notifications to use Firebase Cloud Messaging (FCM). See [iOS configuration instructions](/iOS/README.md#configuration-instructions) for details +* Additional code improvements and minor enhancements +* The full list of bugs and features addressed in this release can be viewed [here ](https://github.com/GoogleCloudPlatform/fda-mystudies/milestone/11?closed=1) + # Release 2.0.7 * Minor feature enhancements * Bug fixes and UI refinements diff --git a/iOS/README.md b/iOS/README.md index 97eb5b8974..a57495381d 100644 --- a/iOS/README.md +++ b/iOS/README.md @@ -37,7 +37,11 @@ The **FDA MyStudies** mobile application fetches all study, schedule, activity, - Update `APP_ID` variable with the `AppId` that will be configured by the study administrator in the [`Study builder`](../study-builder/) user interface - Set `APP_TYPE` to either “gateway” or “standalone” - Update `STUDY_ID` key with the `StudyId` configured by the study administrator in the [`Study builder`](../study-builder/) user interface (not required for *Gateway* applications) -1. Enable push notifications by creating [push notification certificates](https://help.apple.com/developer-account/#/dev82a71386a) in encrypted `.p12` format (for more information, visit [Establishing a Certificate-Based Connection to APNs](https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/establishing_a_certificate-based_connection_to_apns)) +1. Configure Firebase Cloud Messaging (FCM) for push notifications + - Go to the [Firebase console](https://console.firebase.google.com/) and select the project you configured for Cloud Firestore during [Response datastore](../response-datastore) deployment. + - [Register your app](https://firebase.google.com/docs/cloud-messaging/ios/client#register-app) with Firebase and download the `GoogleService-Info.plist`. Move this config file into the root of your Xcode project. + - Upload your APNs authentication key to Firebase. + - Add [Firebase SDKs](https://firebase.google.com/docs/cloud-messaging/ios/client#add-sdks) and [Initialize Firebase](https://firebase.google.com/docs/cloud-messaging/ios/client#initialize_firebase_in_your_app) in your app. 1. Configure your [`Participant datastore`](/participant-datastore/) instance to interface with your mobile application (skip this step if following the semi-automated [deployment guide](/deployment/README.md) - you will complete an automated version of this task when you return to that guide) - Make a copy of the [`participant-datastore/sqlscript/mystudies_app_info_update_db_script.sql`](../participant-datastore/sqlscript/mystudies_app_info_update_db_script.sql) and update the values to match your iOS configuration - Optionally, configure the Android fields to match your Android configuration (not necessary if you are not configuring an Android application, or if you have already completed this step during Android configuration) From fd8808c74dd8ed626a71e832dac46cfcf86842cf Mon Sep 17 00:00:00 2001 From: andrew moschetti Date: Thu, 21 Oct 2021 12:09:41 -0700 Subject: [PATCH 22/28] Update 2.0.8 deployment docs based on QA feedback --- deployment/README.md | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/deployment/README.md b/deployment/README.md index 7a673b6da0..9791ab0bab 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -455,9 +455,14 @@ The deployment process takes the following approach: 1. You can use the `Apps` section in the Study Builder to create and manage multiple mobile apps running off a single deployment of the platform. 1. Start by creating a new app record by filling out the required fields. 1. Once an app record is created, studies can be mapped to it in the Studies section. -1. To start testing an app, fill out additional required app configurations in the Study Builder, and `publish` the app to propagate the app’s properties to other platform components that need them. Confirm your app is visible in the Participant manager interface. If you are testing out a new version of an app which already exists in the app stores, ensure you retain current app version information in the Developer Configurations section for as long as you are testing the app. -1. Once the app is tested and ready to go to the app stores, update or finalize these app properties to correspond to the app store version of the app that will go live, and publish the latest values, again using the `Publish App` action. If you are pushing out a new version of an existing app to the app stores, and wish to enforce an app update, make sure you set the `Force upgrade` field to `No` initially, until your app is approved and available to end users in the app stores, and update it to `Yes` only after that and publish the app again. -1. Once the app is live, also mark the app as `distributed` to prevent inadvertent changes to key configurations that drive your live app. +1. To start testing an app, fill out additional required app properties and configurations in the Study Builder, and publish the app to propagate the app’s properties to other platform components that need them, using the `Publish App` action. If you are testing out a new version of an app that already exists, ensure you have retained current app version information in the Developer Configurations section at this point - do not replace it with new version information. +1. Confirm your app is visible in the Participant Manager interface and test out your app. +1. Once the app is tested and ready to go to the app stores, update or finalize the app properties to correspond to the app store version of the app that will go live, and publish the latest values, again using the `Publish App` action. At this point, ensure that the app version information in the Developer Configurations section still retains the current version information and that the `Force upgrade` field is set to `No`, even if you are pushing out a new version of an existing app to the app stores. +1. Upload the app to the app stores for review and approval. +1. Once the app is approved in both the app stores and live, revisit the Study Builder and update the app version information in the Developer Configurations section to the latest app version information. Also, at this point, if you wish to enforce an app update, update the `Force upgrade` field to `Yes`. Use the `Publish App` action again for these changes to take effect. +1. These steps will ensure that app users get prompted to update their apps to the new version when they open the existing apps on their device. +1. Also, once your app is live, mark the app as `distributed` in the Study Builder to prevent inadvertent changes to key configurations that drive your live app. + 1. Barring these few key configurations, most other app properties can be updated after the app is live. 1. Note: Any from email addresses that you configure in the app’s properties must be an [alias](https://support.google.com/mail/answer/22370) of the `manual-mystudies-email-address` that is configured in the Secret Manager as part of the platform deployment process. If an alias is not available, please use the same email here. [This Github issue](https://github.com/GoogleCloudPlatform/fda-mystudies/issues/4104) has additional detail on the alias requirements. @@ -609,12 +614,14 @@ When upgrading a prior release to 2.0.8 or greater, you will need to perform the 1. Take the latest code and generate the mobile app build following the latest iOS and Android app build and deployment instructions given in the repo. Ensure you use the same App ID as before. 1. Sign in to the Study Builder and create an app record that has the exact same App ID that you have been using for your app. Ensure that you choose the correct app settings as well as applicable to your live app (gateway or standalone type of app, platform(s) that need to be supported etc.) 1. Cross-check if all the studies that belong to the app, are mapped to this app in their respective study creation sections. -1. In the newly created app record, fill out all the required app properties and configurations corresponding to the test mode of the app and publish the app. Ensure you have entered the currently existing app’s version information in the Developer Configurations section. -1. Test out your newly generated app with these configurations. -1. After the new version of the app is tested and ready to go to the app stores, revisit the Study Builder, and update all the required app properties and developer configurations to correspond to the app store version of the app that will go live, and publish the app again. Ensure you have chosen No for the `Force upgrade?` fields at this point. -1. Now upload the new build of the mobile app to the app stores as the next version of the existing app. -1. Once your app is approved by the app stores and is live, revisit the Study Builder and set `Force upgrade?` to Yes and publish the app. This will ensure that all app users get prompted to update their apps to the new version when they open the existing apps on their phone. -1. As a last step, mark your app as `distributed` in the Study Builder. +1. In the newly created app record, fill out all the required app properties and configurations as applicable to a test version of the app and publish the app, using the `Publish App` action. At this point, ensure you have retained current app version information in the Developer Configurations section - do not replace it with new version information. +1. Confirm your app is still visible in the Participant Manager interface. Test out your newly generated app with the published configurations. +1. Once the app is tested and ready to go to the app stores, update or finalize these app properties to correspond to the app store version of the app that will go live, and publish the latest values, again using the `Publish App` action. At this point, ensure that the app version information in the Developer Configurations section still retains the current version information and that the `Force upgrade` field is set to `No`. +1. Upload the app to the app stores for review and approval. +1. Once the app is approved in both the app stores and live, revisit the Study Builder and update the app version information in the Developer Configurations section to the latest app version information. Also, at this point, if you wish to enforce an app update, update the `Force upgrade` field to `Yes`. Use the `Publish App` action again for these changes to take effect. +1. These steps will ensure that app users get prompted to update their apps to the new version when they open the existing apps on their device. +1. As a last step, once your app is live, mark the app as `distributed` in the Study Builder to prevent inadvertent changes to key configurations that drive your live app. + #### Changes to iOS push notifications in 2.0.8 or greater @@ -671,6 +678,7 @@ These secrets can be deleted from your deployment with the following steps. Howe [...] } ``` +1. Create a pull request from this working branch to your specified branch, which will start the terraform plan and validation. After completion of the plan and validation, merge the pull request. That will run the terraform apply. *** From d4053fa7e7c0510ba7ab72ba93bf6070953ccbaf Mon Sep 17 00:00:00 2001 From: mohangmk <60384913+mohangmk@users.noreply.github.com> Date: Mon, 25 Oct 2021 20:45:41 +0530 Subject: [PATCH 23/28] Update README.md --- deployment/README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/deployment/README.md b/deployment/README.md index 9791ab0bab..334c70faaf 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -640,13 +640,6 @@ The following secrets which were in earlier versions are no longer being used as These secrets can be deleted from your deployment with the following steps. However, make sure you have a record of them handy before deleting, as these need to be updated in the Study Builder interface when [managing the apps](#manage-apps-in-the-study-builder) 1. Update your repository with the latest changes from release 2.0.8 or greater, create a new working branch and make the following changes: -1. In the `deployment/terraform/kubernetes/main.tf` file, find the section `# Data sources from Secret Manager` and remove the following lines: - - `manual-android-bundle-id` - - `manual-android-server-key` - - `manual-ios-bundle-id` - - `manual-ios-certificate` - - `manual-ios-certificate-password` - - `manual-mobile-app-appid` 1. In the file `deployment/terraform/{prefix}-{env}-secret/main.tf`, remove the following resources: - ``` resource "google_secret_manager_secret" "manual_mobile_app_appid" { From af7b3da226fb82e3275cff9aa76904a2427fc3c7 Mon Sep 17 00:00:00 2001 From: madhurya-btc Date: Wed, 15 Dec 2021 12:53:28 +0530 Subject: [PATCH 24/28] log4j vulnerability issue fix --- .../consent-mgmt-module/consent-mgmt/pom.xml | 25 +++++++++++++++---- .../enroll-mgmt-module/enroll-mgmt/pom.xml | 24 +++++++++++++++--- .../user-mgmt-module/user-mgmt/pom.xml | 20 ++++++++++++--- study-builder/fdahpStudyDesigner/pom.xml | 19 -------------- study-datastore/pom.xml | 19 -------------- 5 files changed, 56 insertions(+), 51 deletions(-) diff --git a/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml b/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml index d3e861df6e..006d310ee9 100644 --- a/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml +++ b/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml @@ -66,11 +66,26 @@ - - org.springframework.boot - spring-boot-starter-log4j2 - - + + org.springframework.boot + spring-boot-starter-log4j2 + + + org.apache.logging.log4j + log4j-core + + + + + org.apache.logging.log4j + log4j-core + 2.16.0 + + + org.apache.logging.log4j + log4j-api + 2.16.0 + org.springframework.boot spring-boot-devtools diff --git a/participant-datastore/enroll-mgmt-module/enroll-mgmt/pom.xml b/participant-datastore/enroll-mgmt-module/enroll-mgmt/pom.xml index 0314d586c6..027c2a059e 100644 --- a/participant-datastore/enroll-mgmt-module/enroll-mgmt/pom.xml +++ b/participant-datastore/enroll-mgmt-module/enroll-mgmt/pom.xml @@ -42,10 +42,26 @@ org.springframework.boot spring-boot-starter-data-jpa - - org.springframework.boot - spring-boot-starter-log4j2 - + + org.springframework.boot + spring-boot-starter-log4j2 + + + org.apache.logging.log4j + log4j-core + + + + + org.apache.logging.log4j + log4j-core + 2.16.0 + + + org.apache.logging.log4j + log4j-api + 2.16.0 + org.springframework.boot spring-boot-starter-jdbc diff --git a/participant-datastore/user-mgmt-module/user-mgmt/pom.xml b/participant-datastore/user-mgmt-module/user-mgmt/pom.xml index fde2d9fed6..602bb0eca8 100644 --- a/participant-datastore/user-mgmt-module/user-mgmt/pom.xml +++ b/participant-datastore/user-mgmt-module/user-mgmt/pom.xml @@ -67,7 +67,23 @@ org.springframework.boot spring-boot-starter-log4j2 + + + org.apache.logging.log4j + log4j-core + + + + org.apache.logging.log4j + log4j-core + 2.16.0 + + + org.apache.logging.log4j + log4j-api + 2.16.0 + org.springframework.boot spring-boot-devtools @@ -84,10 +100,6 @@ mysql-connector-java runtime - - org.slf4j - slf4j-ext - org.springframework.boot spring-boot-starter-tomcat diff --git a/study-builder/fdahpStudyDesigner/pom.xml b/study-builder/fdahpStudyDesigner/pom.xml index 5f454c559a..01580d0a47 100644 --- a/study-builder/fdahpStudyDesigner/pom.xml +++ b/study-builder/fdahpStudyDesigner/pom.xml @@ -197,25 +197,6 @@ 1.5.3 true - - log4j - log4j - 1.2.17 - - - com.sun.jmx - jmxri - - - com.sun.jdmk - jmxtools - - - javax.jms - jms - - - javax.servlet jstl diff --git a/study-datastore/pom.xml b/study-datastore/pom.xml index 544562ef5e..743910d344 100644 --- a/study-datastore/pom.xml +++ b/study-datastore/pom.xml @@ -207,25 +207,6 @@ jar compile - - log4j - log4j - 1.2.17 - - - com.sun.jmx - jmxri - - - com.sun.jdmk - jmxtools - - - javax.jms - jms - - - org.quartz-scheduler quartz From 11e205dda64960761e74f805f8aeefa08218dd38 Mon Sep 17 00:00:00 2001 From: madhurya-btc Date: Wed, 15 Dec 2021 12:56:37 +0530 Subject: [PATCH 25/28] formatting pom.xml --- .../consent-mgmt-module/consent-mgmt/pom.xml | 2 +- .../user-mgmt-module/user-mgmt/pom.xml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml b/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml index 006d310ee9..4de833a604 100644 --- a/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml +++ b/participant-datastore/consent-mgmt-module/consent-mgmt/pom.xml @@ -66,7 +66,7 @@ - + org.springframework.boot spring-boot-starter-log4j2 diff --git a/participant-datastore/user-mgmt-module/user-mgmt/pom.xml b/participant-datastore/user-mgmt-module/user-mgmt/pom.xml index 602bb0eca8..f5247367b5 100644 --- a/participant-datastore/user-mgmt-module/user-mgmt/pom.xml +++ b/participant-datastore/user-mgmt-module/user-mgmt/pom.xml @@ -64,16 +64,16 @@ - - org.springframework.boot - spring-boot-starter-log4j2 - + + org.springframework.boot + spring-boot-starter-log4j2 + org.apache.logging.log4j log4j-core - - + + org.apache.logging.log4j log4j-core From f94875aa256575792861890df6e432ea7a640445 Mon Sep 17 00:00:00 2001 From: madhurya-btc Date: Wed, 15 Dec 2021 18:17:40 +0530 Subject: [PATCH 26/28] release version --- .../src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/study-builder/fdahpStudyDesigner/src/main/resources/application.properties b/study-builder/fdahpStudyDesigner/src/main/resources/application.properties index 93fc130185..fed6e60afd 100644 --- a/study-builder/fdahpStudyDesigner/src/main/resources/application.properties +++ b/study-builder/fdahpStudyDesigner/src/main/resources/application.properties @@ -58,7 +58,7 @@ security.oauth2.client.client-secret=${SECRET_KEY} # application version applicationVersion=1.0 -release.version=2.0.8 +release.version=2.0.9 security.oauth2.token_endpoint=${SCIM_AUTH_URL}/oauth2/token security.oauth2.client.redirect-uri=${SCIM_AUTH_URL}/callback From 9ea4eeda9d6ace331763e0d8d324bcbd3fc6b79f Mon Sep 17 00:00:00 2001 From: madhurya-btc Date: Wed, 15 Dec 2021 18:24:13 +0530 Subject: [PATCH 27/28] Update whats-new.md --- documentation/whats-new.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/documentation/whats-new.md b/documentation/whats-new.md index 65f4dd59ec..3980afcd65 100644 --- a/documentation/whats-new.md +++ b/documentation/whats-new.md @@ -6,6 +6,9 @@ --> > Subscribe to [mystudies-announce@googlegroups.com](https://groups.google.com/g/mystudies-announce/) to receive release notifications and announcements +# Release 2.0.9 +* This release fixes the security vulnerability detected with Log4j recently. More information on the vulnerability is here (https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046). +* Note: The platform was using a Log4j version which is not impacted by this vulnerability. However, as a safety measure, the platform is now updated with this release, to use the latest Log4j version 2.16.0 provided by Apache to address this vulnerability. # Release 2.0.8 * Note: This release requires users to update to new versions of the mobile apps from the app stores. From 25058df76066df252fc3503fb86419c2b3f02227 Mon Sep 17 00:00:00 2001 From: madhurya-btc Date: Wed, 15 Dec 2021 18:46:38 +0530 Subject: [PATCH 28/28] Update whats-new.md --- documentation/whats-new.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/whats-new.md b/documentation/whats-new.md index 3980afcd65..2d384aace7 100644 --- a/documentation/whats-new.md +++ b/documentation/whats-new.md @@ -7,8 +7,8 @@ > Subscribe to [mystudies-announce@googlegroups.com](https://groups.google.com/g/mystudies-announce/) to receive release notifications and announcements # Release 2.0.9 -* This release fixes the security vulnerability detected with Log4j recently. More information on the vulnerability is here (https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046). -* Note: The platform was using a Log4j version which is not impacted by this vulnerability. However, as a safety measure, the platform is now updated with this release, to use the latest Log4j version 2.16.0 provided by Apache to address this vulnerability. +* This release fixes the security vulnerability detected with Log4j recently. More information on the vulnerability is here (https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046). +* Note: The platform was using a log4j version and logging framework which is not impacted by this vulnerability. However, as a safety measure, the platform is updated with release v2.0.9, to use the latest Log4j version 2.16.0 that was provided by Apache to address this issue. # Release 2.0.8 * Note: This release requires users to update to new versions of the mobile apps from the app stores.