1.3

@gwright99 gwright99 released this 05 Jul 20:00
· 90 commits to master since this release
b985349

Major Changes

  1. Data Studios
    This version adds the flags and configuration needed to support Data Studios. Please note that your existing TLS certificate must support subdomain wildcards to accommodate new networking needs. Please consult the Data Studios deployment documentation for specific guidance re: new certificate needs.

    The following new key-value pairs have been added to the terraform.tfvars file to manage Data Studios. Several changes have been made in other .tf files. It is recommended you replace your existing project files with the new files in this release.

    flag_enable_data_studio                   = true
    data_studio_container_version             = "0.7.0"
    
    flag_limit_data_studio_to_some_workspaces = false
    data_studio_eligible_workspaces           = ""
    
    data_studio_template_container_version_jupyter = "0.7.0"
    data_studio_template_container_version_rstudio = "0.7.0"
    data_studio_template_container_version_vscode  = "0.7.0"
  2. Database Connection String
    Tower v24.1.x uses the Micronaut 4 framework. Library upgrades within Micronaut 4 required an extra modifier to be added to the database connection string. This change proved quite challenging to implement with the chained ternary-operator conditionals that Terraform offers.

    As a result, we introduced the external data Terraform resource to the project. Logic was externalized to a new Python script shipped with the release, which allowed for a cleaner (albeit more complex) way to compartmentalize complicated logic.

    You will need to upgrade your existing Terraform projects in place to acquire this new component. Also, please be advised that we are considering implementing this feature more broadly throughout the project to streamline other convoluted logic currently used by the project. You have an opportunity to comment on this draft PR.

  3. Database Client Modification
    Previous iterations of the project downloaded a mysql-client package via Ansible to allow setup logic to be able to connect with / update your database solution with changes required to use Groundswell / configure a freshly-created RDS instance. This existing solution has proven brittle as the repo GPG key changes from time to time and some clients are unable to egress to the repo to retrieve the package (causing errors in the installation process).

    As a result, we have replaced the mysql-client solution with a mysql:8.0 Docker container solution. This is expected to be cleaner, more self-contained, and leverages the same image that needs to be present on the machine should you choose to deploy your Tower instance with the default containerized database. Ansible and Python script files needed to be refactored to accommodate this change but we do not expect your operations to be affected (so long as you replace your current assets folder with the new assets folder supplied in this release).

  4. Audit Log Retention
    By default, your Tower Enterprise installation retains audit logs for 1 year. Some sites have more stringent compliance rules and must retain them for longer. This is now a configurable value.

    The following new key-value pair has been added to the terraform.tfvars file to manage audit log retention.

    tower_audit_retention_days              = 1095       # 3 years (value in days)
  5. Docker CIDR Range Definitions
    Clients running their Tower instance in a VPC served by VPN found that the generation of new docker networks could conflict with their pre-existing VPN CIDR range, causing SSH connections to immediately fail.

    The following new key-value pair has been added to the terraform.tfvars file to explicitly define your docker CIDR range.

    docker_cidr_range                      = "172.80.0.0/16"
  6. Various clean-up and alignment
    EC2 keypair .pem file generation has been aligned with how all other files are generated.
    Fixed SSM overwrite implementation.
    Added missing SMTP keys to templated secrets file.
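
For item 5 above, a pre-flight check of a proposed docker_cidr_range against the ranges already routed in your environment can catch the VPN conflict before deployment. This is an added example, not code shipped with this release; the function name check_docker_cidr and the VPN/VPC ranges are constructed assumptions.

```python
import ipaddress

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample ranges (assumptions, not values from the release).
SAMPLE_RESERVED = {"vpn": "172.18.64.0/18", "vpc": "10.0.0.0/16"}


def check_docker_cidr(docker_cidr, reserved_cidrs):
    """Return a list of findings for a proposed docker_cidr_range value.

    reserved_cidrs maps a label (e.g. "vpn") to a CIDR that is already
    routed in the environment. An empty list means no problem was found.
    """
    try:
        # strict=True rejects values with host bits set, e.g. 172.18.0.1/16.
        docker_net = ipaddress.ip_network(docker_cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {docker_cidr!r}: {exc}"]

    findings = []
    for label, cidr in reserved_cidrs.items():
        other = ipaddress.ip_network(cidr, strict=False)
        # A partial overlap is enough to misroute traffic such as SSH.
        if docker_net.version == other.version and docker_net.overlaps(other):
            findings.append(f"overlaps {label} range {other}")

    # Ranges outside private space shadow real internet hosts for containers.
    if docker_net.version == 4 and not any(
            docker_net.subnet_of(block) for block in RFC1918):
        findings.append(f"{docker_net} is outside RFC 1918 private space")
    return findings


if __name__ == "__main__":
    for candidate in ("172.18.0.0/16", "172.80.0.0/16", "192.168.240.0/20"):
        result = check_docker_cidr(candidate, SAMPLE_RESERVED)
        print(candidate, "->", result or "ok")
```

Run against the sample value shown in item 5, it reports no overlap with these constructed ranges but flags 172.80.0.0/16 as outside RFC 1918 space, since the 172.16.0.0/12 private block ends at 172.31.255.255.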

What's Changed

Shoutouts

Thank you to @markpanganiban, @schaluva, and @nate-simon for their assistance reviewing and testing the changes within the release!

Full Changelog: 1.2.2...1.3