Hotfix prod: Make dcp43 default and delete project snapshot cdabcf0b (#6658, #6664)

[dsotirho-ucsc]

Connected issue: #6658, #6664

Note:

• Manually deindex the dcp42 and dcp42-it catalogs from the prod deployment
• Manually deindex snapshot for project cdabcf0b

Checklist

Author

• Target branch is prod
• Name of PR branch matches hotfixes/<GitHub handle of author>/<issue#>-<slug>-prod
• On ZenHub, PR is connected to the issue it hotfixes
• PR description links to connected issue
• PR title is Hotfix prod: followed by title of connected issue
• PR title references the connected issue

Author (hotfixes)

• Added h tag to commit title _{or this PR does not include a temporary hotfix}
• Added H tag to commit title _{or this PR does not include a permanent hotfix}
• Added hotfix label to PR
• This PR is labeled partial _{or represents a permanent hotfix}

Author (before every review)

• Rebased PR branch on prod, squashed old fixups
• Ran make requirements_update _{or this PR does not modify requirements*.txt, common.mk, Makefile and Dockerfile}
• Added R tag to commit title _{or this PR does not modify requirements*.txt}
• This PR is labeled reqs _{or does not modify requirements*.txt}

System administrator (after approval)

• Actually approved the PR
• Labeled PR as no sandbox
• A comment to this PR details the completed security design review
• PR title is appropriate as title of merge commit
• Moved connected issue to Approved column
• PR is assigned to only the operator

Operator (before pushing merge the commit)

• Squashed PR branch and rebased onto prod
• Sanity-checked history
• Pushed PR branch to GitHub
• The title of the merge commit starts with the title of this PR
• Added PR # reference to merge commit title
• Collected commit title tags in merge commit title _{but excluded any p tags}
• Moved connected issue to Merged stable column in ZenHub
• Pushed merge commit to GitHub

Operator (after pushing the merge commit)

• Pushed merge commit to GitLab prod
• Build passes on GitLab prod
• Reviewed build logs for anomalies on GitLab prod
• Deleted PR branch from GitHub

Operator (reindex)

• Deindexed all unreferenced catalogs in prod _{or this PR is neither labeled reindex:partial nor reindex:prod}
• Deindexed specific sources in prod _{or this PR is neither labeled reindex:partial nor reindex:prod}
• Indexed specific sources in prod _{or this PR is neither labeled reindex:partial nor reindex:prod}
• Started reindex in prod _{or neither this PR nor a failed, prior promotion requires it}
• Checked for, triaged and possibly requeued messages in both fail queues in prod _{or neither this PR nor a failed, prior promotion requires it}
• Emptied fail queues in prod _{or neither this PR nor a failed, prior promotion requires it}
• Created backport PR and linked to it in a comment on this PR

Operator

• PR is assigned to no one

Shorthand for review comments

• L line is too long
• W line wrapping is wrong
• Q bad quotes
• F other formatting problem

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.34%. Comparing base (cb2393a) to head (60e5f4c).
Report is 3 commits behind head on prod.

Additional details and impacted files

@@            Coverage Diff             @@
##             prod    #6659      +/-   ##
==========================================
- Coverage   85.36%   85.34%   -0.03%     
==========================================
  Files         155      155              
  Lines       20770    20785      +15     
==========================================
+ Hits        17731    17739       +8     
- Misses       3039     3046       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coveralls]

coverage: 85.363%. remained the same
when pulling 60e5f4c on hotfixes/dsotirho-ucsc/6658-default-catalog-dcp43
into ccc785f on develop.

[hannes-ucsc]

Security design review

• Security design review completed; this PR does not …
  • … affect authentication; for example:
    • OAuth 2.0 with the application (API or Swagger UI)
    • Authentication of developers with Google Cloud APIs
    • Authentication of developers with AWS APIs
    • Authentication with a GitLab instance in the system
    • Password and 2FA authentication with GitHub
    • API access token authentication with GitHub
    • Authentication with Terra
  • … affect the permissions of internal users like access to
    • Cloud resources on AWS and GCP
    • GitLab repositories, projects and groups, administration
    • an EC2 instance via SSH
    • GitHub issues, pull requests, commits, commit statuses, wikis, repositories, organizations
  • … affect the permissions of external users like access to
    • TDR snapshots
  • … affect permissions of service or bot accounts
    • Cloud resources on AWS and GCP
  • … affect audit logging in the system, like
    • adding, removing or changing a log message that represents an auditable event
    • changing the routing of log messages through the system
  • … affect monitoring of the system
  • … introduce a new software dependency like
    • Python packages on PYPI
    • Command-line utilities
    • Docker images
    • Terraform providers
  • … add an interface that exposes sensitive or confidential data at the security boundary
  • … affect the encryption of data at rest
  • … require persistence of sensitive or confidential data that might require encryption at rest
  • … require unencrypted transmission of data within the security boundary
  • … affect the network security layer; for example by
    • modifying, adding or removing firewall rules
    • modifying, adding or removing security groups
    • changing or adding a port a service, proxy or load balancer listens on
• Documentation on any unchecked boxes is provided in comments below

[achave11-ucsc]

This caused a regression in the Browser, the default catalog in said repository wasn't bumped to dcp43.

So the previous successful deploy job (prior to introducing the regression) in the GitLab instance was re-ran to resolve the problem, I'm glad I checked, prior to deleting the dcp42 indicies.

[hannes-ucsc]

I'm glad you caught this. I think the Data Browser has yet to be updated to change the default catalog to dcp43. Let's discuss next steps in PL.

[achave11-ucsc]

Backport PR: #6655