Resources

Useful references

 

Cloud Platform

acquia-inc-examples-file.inc

Examples for IP address restriction

Sample code for settings.php includes and $conf settings that help you quickly
lock down an Acquia Cloud environment using basic auth and / or IP whitelisting.

- All site lockdown logic in located in acquia.inc
- All settings are in $conf variables.
    - ``$conf['ah_basic_auth_credentials']`` An array of basic auth username /
      password combinations
    - ``$conf['ah_whitelist']`` An array of IP addresses to allow on to the site.
    - ``$conf['ah_blacklist']`` An array of IP addresses that will be denied access to the site.
    - ``$conf['ah_paths_no_cache']`` Paths we should explicitly never cache.
    - ``$conf['ah_paths_skip_auth']`` Skip basic authentication for these paths.
    - ``$conf['ah_restricted_paths']`` Paths which may not be accessed unless the user is on the IP whitelist.
- The site lockdown process happens by calling ``ac_protect_this_site();`` with defined $conf elements.
- Whitelist / blacklist IPs may use any of the following syntax:
    - CIDR (100.0.0.3/4)
    - Range (100.0.0.3-100.0.5.10)
    - Wildcard (100.0.0.*)
    - Single  (100.0.0.1)
    
## Business Logic
- With no $conf values set, ``ac_protect_this_site();`` will do nothing.
- If the path is marked as restricted, all users not on the whitelist will receive access denied.
- If a user's IP is on the blacklist and **not** on the whitelist they will receive access denied.
- Filling ``$conf['ah_basic_auth_credentials']`` will result in all requests being requring an .htaccess log in.
- Securing the site requires entries in both ``$conf['ah_whitelist']`` **and** ``$conf['ah_restricted_paths']``


## Examples

#### Block access to non-whitelisted users on all pages of non-production environments.
```
$conf['ah_restricted_paths'] = array(
  '*',
);

$conf['ah_whitelist'] = array(
  '100.0.0.*',
  '100.0.0.1/5',
);

if (file_exists('/var/www/site-php')) {
  require('/var/www/site-php/{site}/{site}-settings.inc');

  if(!defined('DRUPAL_ROOT')) {
    define('DRUPAL_ROOT', getcwd());
  }

  if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
    if (isset($_ENV['AH_NON_PRODUCTION']) && $_ENV['AH_NON_PRODUCTION']) {
      require DRUPAL_ROOT . '/sites/acquia.inc';
      ac_protect_this_site();
    }
  }
}
```
#### Block access to user and admin pages on the production environment. Enforce .htaccess authentication on non-production.  Allow access to an API path without authentication
 
```
if (file_exists('/var/www/site-php')) {
  require('/var/www/site-php/{site}/{site}-settings.inc');

  if(!defined('DRUPAL_ROOT')) {
    define('DRUPAL_ROOT', getcwd());
  }

  if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
    if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
      if ($_ENV['AH_SITE_ENVIRONMENT'] != 'prod') {
        $conf['ah_basic_auth_credentials'] = array(
          'Editor' => 'Password',
          'Admin' => 'P455w0rd',
        );
        $conf['ah_paths_no_cache'] = array(
          'api'
        );
      }
      else {
        $conf['ah_restricted_paths'] = array(
          'user',
          'user/*',
          'admin',
          'admin/*',
        );
        $conf['ah_whitelist'] = array(
          '100.0.0.9',
          '100.0.0.1/5',
        );
      }
      require DRUPAL_ROOT . '/sites/acquia.inc';
      ac_protect_this_site();
    }
  }
}
```

#### Blacklist known bad IPs on all environments

```
$conf['ah_blacklist'] = array(
  '12.13.14.15',
);

if (file_exists('/var/www/site-php')) {
  require('/var/www/site-php/{site}/{site}-settings.inc');

  if(!defined('DRUPAL_ROOT')) {
    define('DRUPAL_ROOT', getcwd());
  }

  if (file_exists(DRUPAL_ROOT . '/sites/acquia.inc')) {
    require DRUPAL_ROOT . '/sites/acquia.inc';
    ac_protect_this_site();
  }
}
```

acquia-inc-sample.inc

<?php
 
/**
 * @file
 * Utilities for use in protecting an environment via basic auth or IP whitelist.
 */
 
function ac_protect_this_site() {
  global $conf;
  $client_ip = ip_address();
 
  // Test if we are using drush (command-line interface)
  $cli = drupal_is_cli();
  
  // Default to not skipping the auth check
  $skip_auth_check = FALSE;
 
  // Is the user on the VPN? Default to FALSE.
  $on_vpn = $cli ? TRUE : FALSE;
 
  if (!empty($client_ip) && !empty($conf['ah_whitelist'])) {
    $on_vpn = ah_ip_in_list($client_ip, $conf['ah_whitelist']);
    $skip_auth_check = $skip_auth_check || $on_vpn;
  }
 
  // If the IP is not explicitly whitelisted check to see if the IP is blacklisted.
  if (!$on_vpn && !empty($client_ip) && !empty($conf['ah_blacklist'])) {
    if (ah_ip_in_list($client_ip, $conf['ah_blacklist'])) {
      ah_page_403($client_ip);
    }
  }
  // Check if we should skip auth check for this page.
  if (ah_path_skip_auth()) {
    $skip_auth_check = TRUE;
  }
 
  // Check if we should disable cache for this page.
  if (ah_path_no_cache()) {
    $conf['page_cache_maximum_age'] = 0;
  }
 
  // Is the page restricted to whitelist only? Default to FALSE.
  $restricted_page = FALSE;
 
  // Check to see whether this page is restricted.
  if (!empty($conf['ah_restricted_paths']) && ah_paths_restrict()) {
    $restricted_page = TRUE;
  }
 
  $protect_ip = !empty($conf['ah_whitelist']);
  $protect_password = !empty($conf['ah_basic_auth_credentials']);
 
  // Do not protect command line requests, e.g. Drush.
  if ($cli) {
    $protect_ip = FALSE;
    $protect_password = FALSE;
  }
 
  // Un-comment to disable protection, e.g. for load tests.
  // $skip_auth_check = TRUE;
  // $on_vpn = TRUE;
 
  // If not on whitelisted IP prevent access to protected pages.
  if ($protect_ip && !$on_vpn && $restricted_page) {
    ah_page_403($client_ip);
  }
 
  // If not skipping auth, check basic auth.
  if ($protect_password && !$skip_auth_check) {
    ah_check_basic_auth();
  }
}
 
/**
 * Output a 403 (forbidden access) response.
 */
function ah_page_403($client_ip) {
  header('HTTP/1.0 403 Forbidden');
  print "403 Forbidden: Access denied ($client_ip)";
  exit;
}
 
/**
 * Output a 401 (unauthorized) response.
 */
function ah_page_401($client_ip) {
  header('WWW-Authenticate: Basic realm="This site is protected"');
  header('HTTP/1.0 401 Unauthorized');
  print "401 Unauthorized: Access denied ($client_ip)";
  exit;
}
 
/**
 * Check basic auth against allowed values.
 */
function ah_check_basic_auth() {
  global $conf;
 
  $authorized = FALSE;
  $php_auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : NULL;
  $php_auth_pw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;
  $credentials = isset($conf['ah_basic_auth_credentials']) ? $conf['ah_basic_auth_credentials'] : NULL;
 
  if ($php_auth_user && $php_auth_pw && !empty($credentials)) {
    if (isset($credentials[$php_auth_user]) && $credentials[$php_auth_user] == $php_auth_pw) {
      $authorized = TRUE;
    }
  }
 
  if ($authorized) {
    return;
  }
 
  // Always fall back to 401.
  ah_page_401(ip_address());
}
 
/**
 * Determine if the current path is in the list of paths to not cache.
 */
function ah_path_no_cache() {
  global $conf;
 
  $q = isset($_GET['q']) ? $_GET['q'] : NULL;
  $paths = isset($conf['ah_paths_no_cache']) ? $conf['ah_paths_no_cache'] : NULL;
  if (!empty($q) && !empty($paths)) {
    foreach ($paths as $path) {
      if ($q == $path || strpos($q, $path) === 0) {
        return TRUE;
      }
    }
  }
}
 
/**
 * Determine if the current path is in the list of paths on which to not check
 * auth.
 */
function ah_path_skip_auth() {
  global $conf;
 
  $q = isset($_GET['q']) ? $_GET['q'] : NULL;
  $paths = isset($conf['ah_paths_skip_auth']) ? $conf['ah_paths_skip_auth'] : NULL;
  if (!empty($q) && !empty($paths)) {
    foreach ($paths as $path) {
      if ($q == $path || strpos($q, $path) === 0) {
        return TRUE;
      }
    }
  }
}
 
/**
 * Check whether a path has been restricted.
 *
 */
function ah_paths_restrict() {
  global $conf;
 
  if (isset($_GET['q'])) {
 
    // Borrow some code from drupal_match_path()
    foreach ($conf['ah_restricted_paths'] as &$path) {
      $path = preg_quote($path, '/');
    }
 
    $paths = preg_replace('/\\\\\*/', '.*', $conf['ah_restricted_paths']);
    $paths = '/^(' . join('|', $paths) . ')$/';
 
    // If this is a restricted path, return TRUE.
    if (preg_match($paths, $_GET['q'])) {
      // Do not cache restricted paths
      $conf['page_cache_maximum_age'] = 0;
      return TRUE;
    }
  }
  return FALSE;
}
 
/**
 * Determine if the IP is within the ranges defined in the white/black list.
 */
function ah_ip_in_list($ip, $list) {
  foreach ($list as $item) {
 
    // Match IPs in CIDR format.
    if (strpos($item, '/') !== false) {
      list($range, $mask) = explode('/', $item);
 
      // Take the binary form of the IP and range.
      $ip_dec = ip2long($ip);
      $range_dec = ip2long($range);
 
      // Verify the given IPs are valid IPv4 addresses
      if (!$ip_dec || !$range_dec) {
        continue;
      }
 
      // Create the binary form of netmask.
      $mask_dec = ~ (pow(2, (32 - $mask)) - 1);
 
      // Run a bitwise AND to determine whether the IP and range exist
      // within the same netmask.
      if (($mask_dec & $ip_dec) == ($mask_dec & $range_dec)) {
        return TRUE;
      }
    }
 
    // Match against wildcard IPs or IP ranges.
    elseif (strpos($item, '*') !== false || strpos($item, '-') !== false) {
 
      // Construct a range from wildcard IPs
      if (strpos($item, '*') !== false) {
        $item = str_replace('*', 0, $item) . '-' . str_replace('*', 255, $item);
      }
 
      // Match against ranges by converting to long IPs.
      list($start, $end) = explode('-', $item);
 
      $start_dec = ip2long($start);
      $end_dec = ip2long($end);
      $ip_dec = ip2long($ip);
 
      // Verify the given IPs are valid IPv4 addresses
      if (!$start_dec || !$end_dec || !$ip_dec) {
        continue;
      }
 
      if ($start_dec <= $ip_dec && $ip_dec <= $end_dec) {
        return TRUE;
      }
    }
 
    // Match against single IPs
    elseif ($ip === $item) {
      return TRUE;
    }
  }
  return FALSE;
}

acquia_config.php

<?php

/**
 * @file
 * SimpleSamlPhp Acquia Configuration.
 *
 * This file was last modified on in July 2018.
 *
 * All custom changes below. Modify as needed.
 */

/**
 * Defines Acquia account specific options in $config keys.
 *
 *   - 'store.sql.name': Defines the Acquia Cloud database name which
 *     will store SAML session information.
 *   - 'store.type: Define the session storage service to use in each
 *     Acquia environment ("defualts to sql").
 */

// Set some security and other configs that are set above, however we
// overwrite them here to keep all changes in one area.
$config['technicalcontact_name'] = "Test Name";
$config['technicalcontact_email'] = "[email protected]";

// Change these for your installation.
$config['secretsalt'] = 'AddYourSaltStringHere';
$config['auth.adminpassword'] = 'ChangeThisPlease';

$config['admin.protectindexpage'] = TRUE;
//$config['admin.protectmetadata'] = TRUE;

/**
 * Support SSL Redirects to SAML login pages.
 *
 * Uncomment the code following code block to set
 * server port to 443 on HTTPS environment.
 *
 * This is a requirement in SimpleSAML when providing a redirect path.
 *
 * @link https://github.com/simplesamlphp/simplesamlphp/issues/450
 *
 */
// Prevent Varnish from interfering with SimpleSAMLphp.
// SSL terminated at the ELB / balancer so we correctly set the SERVER_PORT
// and HTTPS for SimpleSAMLphp baseurl configuration.
$protocol = 'http://';
$port = ':80';
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['SERVER_PORT'] = 443;
  $_SERVER['HTTPS'] = 'true';
  $protocol = 'https://';
  $port = ':' . $_SERVER['SERVER_PORT'];
}
$config['baseurlpath'] = $protocol . $port . '/simplesaml/';

$ah_options = array(
  // Use the database "role" without the "stage", e.g., "example", not
  // "exampletest" or "exampleprod".
  // Change the following line to match your database name.
  'database_name' => 'test',

  'session_store' => array(
    // Valid values are "memcache" and "database", database is recommended.
    // Note that the below config will be for only the dev, test, and prod
    // environments. If you would like to cover additional environments, list
    // them here.
    'prod' => 'database',
    'test' => 'database',
    'dev'  => 'database',
  ),
);

/**
 * Cookies No Cache.
 *
 * Allow users to be automatically logged in if they signed in via the same
 * SAML provider on another site by uncommenting the setcookie line below.
 *
 * Warning: This has performance implications for anonymous users.
 *
 * @link https://docs.acquia.com/resource/simplesaml/
 */
// Commenting out NO_CACHE cookie to prevent Varnish caching bypass.
// setcookie('NO_CACHE', '1');

/**
 * Generate Acquia session storage via hosting creds.json.
 *
 * Session storage defaults using the database for the current request.
 *
 * @link https://docs.acquia.com/resource/using-simplesamlphp-acquia-cloud-site/#storing-session-information-using-the-acquia-cloud-sql-database
 */

if (!getenv('AH_SITE_ENVIRONMENT')) {
  // Add / modify your local configuration here.
  $config['store.type'] = 'sql';
  $config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', '127.0.0.1', '', 'drupal');
  $config['store.sql.username'] = 'drupal';
  $config['store.sql.password'] = 'drupal';
  $config['store.sql.prefix'] = 'simplesaml';
  $config['certdir'] = "/var/www/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
  $config['metadatadir'] = "/var/www/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
  $config['baseurlpath'] = 'simplesaml/';
  $config['loggingdir'] = '/var/www/simplesamlphp/log/';

  // Enable as IdP for local Idp domains.
  if (in_array($_SERVER['SERVER_NAME'], ['local.example.com', 'employee.example.com'])) {
    $config['enable.saml20-idp'] = TRUE;
  }
}
elseif (getenv('AH_SITE_ENVIRONMENT')) {
  // Set ACE and ACSF sites based on hosting database and site name.
  $config['certdir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
  $config['metadatadir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
  // Base url path already set above.
   $config['baseurlpath'] = 'simplesaml/';
  // Setup basic logging.
  $config['logging.handler'] = 'file';
  $config['loggingdir'] = dirname(getenv('ACQUIA_HOSTING_DRUPAL_LOG'));
  $config['logging.logfile'] = 'simplesamlphp-' . date('Ymd') . '.log';
  $creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');
  $databases = json_decode($creds_json, TRUE);
  $creds = $databases['databases'][$_ENV['AH_SITE_GROUP']];
  if (substr($_ENV['AH_SITE_ENVIRONMENT'], 0, 3) === 'ode') {
    $creds['host'] = key($creds['db_url_ha']);
  }
  else {
    require_once "/usr/share/php/Net/DNS2_wrapper.php";
    try {
      $resolver = new Net_DNS2_Resolver([
        'nameservers' => [
          '127.0.0.1',
          'dns-master',
        ],
      ]);
      $response = $resolver->query("cluster-{$creds['db_cluster_id']}.mysql", 'CNAME');
      $creds['host'] = $response->answer[0]->cname;
    }
    catch (Net_DNS2_Exception $e) {
      $creds['host'] = "";
    }
  }
  $config['store.type'] = 'sql';
  $config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', $creds['host'], $creds['port'], $creds['name']);
  $config['store.sql.username'] = $creds['user'];
  $config['store.sql.password'] = $creds['pass'];
  $config['store.sql.prefix'] = 'simplesaml';
}

api-notification-example.php

<?php

// This example requires `league/oauth2-client` package.
// Run `composer require league/oauth2-client` before running.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use GuzzleHttp\Client;

// The UUID of an application you want to create the database for.
$applicationUuid = 'APP-UUID';
$dbName = 'test_database_1';
// See https://docs.acquia.com/cloud-platform/develop/api/auth/
// for how to generate a client ID and Secret.
$clientId = 'API-KEY';
$clientSecret = 'API-SECRET';

$provider = new GenericProvider([
    'clientId'                => $clientId,
    'clientSecret'            => $clientSecret,
    'urlAuthorize'            => '',
    'urlAccessToken'          => 'https://accounts.acquia.com/api/auth/oauth/token',
    'urlResourceOwnerDetails' => '',
]);

$client = new Client();
$provider->setHttpClient($client);

echo 'retrieving access token', PHP_EOL;
$accessToken = $provider->getAccessToken('client_credentials');
echo 'access token retrieved', PHP_EOL;

// Generate a request object using the access token.
$request = $provider->getAuthenticatedRequest(
    'POST',
    "https://cloud.acquia.com/api/applications/{$applicationUuid}/databases",
    $accessToken,
    [
        'headers' => ['Content-Type' => 'application/json'],
        'body' => json_encode(['name' => $dbName])
    ]
);

// Send the request.
echo 'requesting db create api', PHP_EOL;
$response = $client->send($request);

echo 'response parsing', PHP_EOL;
$responseBody = json_decode($response->getBody()->getContents(), true);

$notificationLink = $responseBody['_links']['notification']['href'];

$retryCount = 10;

echo 'start watching for notification status at ', $notificationLink, PHP_EOL;
do {
    sleep(5);
    // create notification request.
    $request = $provider->getAuthenticatedRequest(
        'GET',
        $notificationLink,
        $accessToken
    );

    echo 'requesting notification status', PHP_EOL;
    $response = $client->send($request);
    $responseBody = json_decode($response->getBody()->getContents(), true);
    echo 'notification status: ', $responseBody['status'], PHP_EOL;

    if ($responseBody['status'] === 'succeeded') {
        echo 'Successfully created database.';
        exit(0);
    } elseif ($responseBody['status'] === 'failed') {
        echo 'Failed to create database.';
        exit(1);
    } else {
        echo 'retrying notification in 5 sec', PHP_EOL;
        $retryCount--;
        $retry = $retryCount > 0;
    }
} while ($retry);

	

api-v2-auth.php

<?php
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use GuzzleHttp\Client;

// See https://docs.acquia.com/cloud-platform/develop/api/auth/
// for how to generate a client ID and Secret.
$clientId = 'API Key';
$clientSecret = 'Api Secret';

$provider = new GenericProvider([
    'clientId'                => $clientId,
    'clientSecret'            => $clientSecret,
    'urlAuthorize'            => '',
    'urlAccessToken'          => 'https://accounts.acquia.com/api/auth/oauth/token',
    'urlResourceOwnerDetails' => '',
]);

try {
    // Try to get an access token using the client credentials grant.
    $accessToken = $provider->getAccessToken('client_credentials');

    // Generate a request object using the access token.
    $request = $provider->getAuthenticatedRequest(
        'GET',
        'https://cloud.acquia.com/api/account',
        $accessToken
    );

    // Send the request.
    $client = new Client();
    $response = $client->send($request);

    $responseBody = $response->getBody();


} catch (IdentityProviderException $e) {
    // Failed to get the access token.
    exit($e->getMessage());
}

 

myisam_to_innodb.sh.inc

#!/bin/sh
# Script to load a database, doing some conversions along the way

# EDIT THESE
dbfilename='db-backup.sql.gz'
dbuser='root'
dbpassword='rootpassword'
dbname='mydatabase'

# Flag to say whether we want to convert from innoDB to MyISAM (1 == yes)
# It will only convert the tables matching the regexp
innodb_to_myisam=0  
innodb_to_myisam_exclude_tables_regexp='^(locales_source|locales_target|menu_links|workbench_scheduler_types)$'

# Flag for converting MyISAM to InnoDB (1 == yes)
# It will only convert the tables matching the regexp
myisam_to_innodb=0
myisam_to_innodb_exclude_tables_regexp='^XXX$'

# Tables that will be created with structure only and NO data
no_data_import_tables_regexp='^(__ACQUIA_MONITORING|accesslog|batch|boost_cache|cache|cache_.*|history|queue|search_index|search_dataset|search_total|sessions|watchdog|panels_hash_database_cache|migrate_.*)$'

pv -p $dbfilename |gzip -d -c | awk -F'`' '
NR==1 { 
  # http://superuser.com/questions/246784/how-to-tune-mysql-for-restoration-from-mysql-dump
  # TODO? http://www.palominodb.com/blog/2011/08/02/mydumper-myloader-fast-backup-and-restore ?
  print "SET SQL_LOG_BIN=0;"
  print "SET unique_checks=0;"
  print "SET autocommit=0;"
  print "SET foreign_key_checks=0;"
  output=1;
} 
{ 
  start_of_line=substr($0,1,200);
  # Detect beginning of table structure definition.
  if (index(start_of_line, "-- Table structure for table")==1) {
    output=1
    print "COMMIT;"
    print "SET autocommit=0;"
    current_db=$2
  }
  # Switch the engine from InnoDB to MyISAM : MUCHO FAST. 
  if (substr(start_of_line,1,8)==") ENGINE") {
    if ('${innodb_to_myisam:-0}' == 1) {
      if (current_db ~ /'"$innodb_to_myisam_exclude_tables_regexp"'/) {
        print "Skipping InnoDB -> MyISAM for " current_db >"/dev/stderr"
      } else {
        gsub(/=InnoDB/, "=MyISAM", $0);
        #gsub(/CHARSET=utf8/, "CHARSET=latin1", $0);
      }
    }
    if ('${myisam_to_innodb:-0}' == 1) {
      if (current_db ~ /'"$myisam_to_innodb_exclude_tables_regexp"'/) {
        print "Skipping MyISAM -> InnoDB for " current_db >"/dev/stderr"
      } else {
        gsub(/=MyISAM/, "=InnoDB", $0);
      }
    }
  }
  # Detect beginning of table data dump.
  if (index(start_of_line, "-- Dumping data for table")==1) {
    if (current_db != $2) {
      print "Internal problem: unexpected data, seems to come from table " $2 " whereas expected table " current_db;
      current_db=$2
    }
    printf "\r Processing table " current_db > "/dev/stderr"
    output=1
    # Skip data in some tables
    if (current_db ~ /'"$no_data_import_tables_regexp"'/) {
      output=0
      print "Skipping Data import (imported structure only) for " current_db >"/dev/stderr"
    }
  }
  if (output==1) {
    print
  }
}
END {
  print "COMMIT;"
}' |mysql -u$dbuser --password=$dbpassword $dbname

example.sitename.conf

[ req ]
default_bits = 4096
default_keyfile = private.key
distinguished_name = req_distinguished_name
req_extensions = req_ext # The extensions to add to the self signed cert

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Massachusetts
localityName = Locality Name (eg, city)
localityName_default = Boston
organizationName = Organization Name (eg, company)
organizationName_default = Acquia
organizationalUnitName = Organizational Unit Name (department, division)
organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = localhost
emailAddress = Email Address (such as [email protected])
emailAddress_default =

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.example.com
DNS.2 = edit.example.com

memcache.yml

services:
  # Replaces the default lock backend with a memcache implementation.
  lock:
    class: Drupal\Core\Lock\LockBackendInterface
    factory: memcache.lock.factory:get

acsfd7.memcache.settings.php

<?php

/**
 * @file
 * Contains Drupal 7 Acquia memcache configuration to be added directly following the Acquia database require line
 * (see https://docs.acquia.com/cloud-platform/manage/code/require-line/ for more info)
 */

if (getenv('AH_SITE_ENVIRONMENT') &&
  isset($conf['memcache_servers'])
) {
  $conf['memcache_extension'] = 'Memcached';
  $conf['cache_backends'][] = 'sites/all/modules/contrib/memcache/memcache.inc';
  $conf['cache_default_class'] = 'MemCacheDrupal';
  $conf['cache_class_cache_form'] = 'DrupalDatabaseCache';

  // Enable compression
  $conf['memcache_options'][Memcached::OPT_COMPRESSION] = TRUE;

  $conf['memcache_stampede_protection_ignore'] = array(
  // Ignore some cids in 'cache_bootstrap'.
  'cache_bootstrap' => array(
    'module_implements',
    'variables',
    'lookup_cache',
    'schema:runtime:*',
    'theme_registry:runtime:*',
    '_drupal_file_scan_cache',
  ),
  // Ignore all cids in the 'cache' bin starting with 'i18n:string:'
  'cache' => array(
    'i18n:string:*',
  ),
  // Disable stampede protection for the entire 'cache_path' and 'cache_rules'
  // bins.
  'cache_path',
  'cache_rules',
);

# Move semaphore out of the database and into memory for performance purposes
  $conf['lock_inc'] = 'sites/all/modules/contrib/memcache/memcache-lock.inc';
}

authsources.php

<?php

// This file is available at
// https://docs.acquia.com/resource/simplesaml/sources/

$config = array(
    // This is a authentication source which handles admin authentication.
    'admin' => array(
        // The default is to use core:AdminPassword, but it can be replaced with
        // any authentication source.

        'core:AdminPassword',
    ),
    'default-sp' => array(
        'saml:SP',
        // The entityID is the entityID of the SP that the IdP is expecting.
        // This value must be exactly what the IdP is expecting. If the
        // entityID is not set, it defaults to the URL of the SP's metadata.
        // Don't declare an entityID for Site Factory.
        'entityID' => 'SP EntityID',

        // If the IdP requires the SP to hold a certificate, the location
        // of the self-signed certificate.
        // If you need to generate a SHA256 cert, see
        // https://gist.github.com/guitarte/5745b94c6883eaddabfea68887ba6ee6
        'certificate' => "../cert/saml.crt",
        'privatekey' => "../cert/saml.pem",
        'redirect.sign' => TRUE,
        'redirect.validate' => TRUE,

        // The entityID of the IdP.
        // This is included in the metadata from the IdP.
        'idp' => 'IdP EntityID',

        // NameIDFormat is included in the metadata from the IdP
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',

        // If the IdP does not pass any attributes, but provides a NameID in
        // the authentication response, we can filter and add the value as an
        // attribute.
        // See https://simplesamlphp.org/docs/stable/saml:nameidattribute
        'authproc' => array(
                20 => array(
                        'class' => 'saml:NameIDAttribute',
                        'format' => '%V',
                ),
        ),
        // The RelayState parameter needs to be set if SSL is terminated
        // upstream. If you see the SAML response come back with
        // https://example.com:80/saml_login, you likely need to set this.
        // See https://github.com/simplesamlphp/simplesamlphp/issues/420
        'RelayState' => 'https://' . $_SERVER['HTTP_HOST'] . '/saml_login',

        // If working with ADFS, Microsoft may soon only allow SHA256 certs.
        // You must specify signature.algorithm as SHA256.
        // Defaults to SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
        // See https://docs.microsoft.com/en-us/security/trusted-root/program-requirements

        // 'signature.algorithm'  => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    ),
);

clam_av_script.sh.inc

#!/bin/bash
#
# Shell script to scan the default files directory with ClamAV
# Arguments:
#  Email recipients: Comma separated list of email recipients wrapped in quotes
#  Site environment: Site name and environment formatted like [site].[env]
#

SCAN_OUTPUT=/mnt/tmp/clamscan.log
EMAIL_RECIPIENTS=$1
SITE_ENV=$2
DATE=$(date)
CRON_OUTPUT=/var/log/sites/${SITE_ENV}/logs/$(hostname -s)/clamscan.log

if [ -d /mnt/gfs/${SITE_ENV} ]
then
    {
    echo -e "=============================\nStarting scan ${DATE}\n"

    /usr/bin/clamscan -ri /mnt/gfs/${SITE_ENV}/sites/default/files > ${SCAN_OUTPUT}

    echo -e "Checking output...\n"

    cat ${SCAN_OUTPUT} | grep "FOUND"
    if [ $? -eq 0 ] ; then
        echo -e "FOUND VIRUS, SENDING EMAILS TO ${EMAIL_RECIPIENTS}.\n"
        cat ${SCAN_OUTPUT} | mail -s "${DATE} ClamAV has detected a virus on your website files directory" "${EMAIL_RECIPIENTS}"
    else
        echo -e "CLEAN, NO VIRUSES FOUND.\n"
    fi

    echo -e "Done\n=============================\n"
    } >> ${CRON_OUTPUT} 2>&1
else
    echo "ERROR: directory /mnt/gfs/${SITE_ENV} is not a valid path. Please update your scheduled task with the correct [site].[env] as the second parameter"
fi

cloud-memcache-d7.php

/**
 * @file
 * Contains Drupal 7 Acquia memcache configuration to be added directly following the Acquia database require line
 * (see https://docs.acquia.com/cloud-platform/manage/code/require-line/ for more info)
 */

if (getenv('AH_SITE_ENVIRONMENT') &&
  isset($conf['memcache_servers'])
) {
  $conf['memcache_extension'] = 'Memcached';
  $conf['cache_backends'][] = 'sites/all/modules/contrib/memcache/memcache.inc';
  $conf['cache_default_class'] = 'MemCacheDrupal';
  $conf['cache_class_cache_form'] = 'DrupalDatabaseCache';

  // Enable compression
  $conf['memcache_options'][Memcached::OPT_COMPRESSION] = TRUE;

  $conf['memcache_stampede_protection_ignore'] = array(
  // Ignore some cids in 'cache_bootstrap'.
  'cache_bootstrap' => array(
    'module_implements',
    'variables',
    'lookup_cache',
    'schema:runtime:*',
    'theme_registry:runtime:*',
    '_drupal_file_scan_cache',
  ),
  // Ignore all cids in the 'cache' bin starting with 'i18n:string:'
  'cache' => array(
    'i18n:string:*',
  ),
  // Disable stampede protection for the entire 'cache_path' and 'cache_rules'
  // bins.
  'cache_path',
  'cache_rules',
);

# Move semaphore out of the database and into memory for performance purposes
  $conf['lock_inc'] = 'sites/all/modules/contrib/memcache/memcache-lock.inc';
}

Default Memcached configuration

<?php
/**
 * @file
 * Contains caching configuration.
 * Last change: 2022-08-01
 */

use Composer\Autoload\ClassLoader;

/**
 * Use memcache as cache backend.
 *
 * Autoload memcache classes and service container in case module is not
 * installed. Avoids the need to patch core and allows for overriding the
 * default backend when installing Drupal.
 *
 * @see https://www.drupal.org/node/2766509
 */


// Determine if site is currently running under Acquia Cloud Next.
$is_acquia_cloud_next = (getenv("HOME") == "/home/clouduser");

if (getenv('AH_SITE_ENVIRONMENT') &&
  array_key_exists('memcache', $settings) &&
  array_key_exists('servers', $settings['memcache']) &&
  !empty($settings['memcache']['servers']) &&
  !$is_acquia_cloud_next
) {
  // Check for PHP Memcached libraries.
  $memcache_exists = class_exists('Memcache', FALSE);
  $memcached_exists = class_exists('Memcached', FALSE);
  $memcache_services_yml = DRUPAL_ROOT . '/modules/contrib/memcache/memcache.services.yml';
  $memcache_module_is_present = file_exists($memcache_services_yml);
  if ($memcache_module_is_present && ($memcache_exists || $memcached_exists)) {
    // Use Memcached extension if available.
    if ($memcached_exists) {
      $settings['memcache']['extension'] = 'Memcached';
    }
    if (class_exists(ClassLoader::class)) {
      $class_loader = new ClassLoader();
      $class_loader->addPsr4('Drupal\\memcache\\', DRUPAL_ROOT . '/modules/contrib/memcache/src');
      $class_loader->register();
      $settings['container_yamls'][] = $memcache_services_yml;

      // Acquia Default Settings for the memcache module
      // Default settings for the Memcache module.
      // Enable compression for PHP 7.
      $settings['memcache']['options'][Memcached::OPT_COMPRESSION] = TRUE;

      // Set key_prefix to avoid drush cr flushing all bins on multisite.
      $settings['memcache']['key_prefix'] = $conf['acquia_hosting_site_info']['db']['name'] . '_';

      // Decrease latency.
      $settings['memcache']['options'][Memcached::OPT_TCP_NODELAY] = TRUE;

      // Bootstrap cache.container with memcache rather than database.
      $settings['bootstrap_container_definition'] = [
        'parameters' => [],
        'services' => [
          'database' => [
            'class' => 'Drupal\Core\Database\Connection',
            'factory' => 'Drupal\Core\Database\Database::getConnection',
            'arguments' => ['default'],
          ],
          'settings' => [
            'class' => 'Drupal\Core\Site\Settings',
            'factory' => 'Drupal\Core\Site\Settings::getInstance',
          ],
          'memcache.settings' => [
            'class' => 'Drupal\memcache\MemcacheSettings',
            'arguments' => ['@settings'],
          ],
          'memcache.factory' => [
            'class' => 'Drupal\memcache\Driver\MemcacheDriverFactory',
            'arguments' => ['@memcache.settings'],
          ],
          'memcache.timestamp.invalidator.bin' => [
            'class' => 'Drupal\memcache\Invalidator\MemcacheTimestampInvalidator',
            'arguments' => ['@memcache.factory', 'memcache_bin_timestamps', 0.001],
          ],
          'memcache.backend.cache.container' => [
            'class' => 'Drupal\memcache\DrupalMemcacheInterface',
            'factory' => ['@memcache.factory', 'get'],
            'arguments' => ['container'],
          ],
          'cache_tags_provider.container' => [
            'class' => 'Drupal\Core\Cache\DatabaseCacheTagsChecksum',
            'arguments' => ['@database'],
          ],
          'cache.container' => [
            'class' => 'Drupal\memcache\MemcacheBackend',
            'arguments' => [
              'container',
              '@memcache.backend.cache.container',
              '@cache_tags_provider.container',
              '@memcache.timestamp.invalidator.bin',
              '@memcache.settings',
            ],
          ],
        ],
      ];

      // Content Hub 2.x requires the Depcalc module which needs to use the database backend.
      $settings['cache']['bins']['depcalc'] = 'cache.backend.database';

      // Use memcache for bootstrap, discovery, config instead of fast chained
      // backend to properly invalidate caches on multiple webs.
      // See https://www.drupal.org/node/2754947
      $settings['cache']['bins']['bootstrap'] = 'cache.backend.memcache';
      $settings['cache']['bins']['discovery'] = 'cache.backend.memcache';
      $settings['cache']['bins']['config'] = 'cache.backend.memcache';

      // Use memcache as the default bin.
      $settings['cache']['default'] = 'cache.backend.memcache';
    }
  }
}

Content Hub

ach-bulk-import-batch-functions.php

<?php

/**
 * Process a subset of all the entities to be enqueued in a single request.
 *
 * @param $entity_type
 *   The entity type.
 * @param $bundle
 *   The entity bundle.
 * @param $bundle_key
 *   THe entity bundle key.
 */
function export_enqueue_entities($entity_type, $bundle, $entity_ids, &$context) {
  /**
   * Number of entities per iteration. Decrease this number if your site has
   * too many dependencies per node.
   *
   * @var int $entities_per_iteration
   */
  $entities_per_iteration = 5;

  if (empty($context['sandbox'])) {
    $context['sandbox']['progress'] = 0;
    $context['sandbox']['max'] = count($entity_ids);
    $context['results']['total'] = 0;
  }

  /** @var \Drupal\acquia_contenthub\EntityManager $entity_manager */
  $entity_manager = \Drupal::service('acquia_contenthub.entity_manager');
  /** @var \Drupal\acquia_contenthub\Controller\ContentHubEntityExportController $export_controller */
  $export_controller = \Drupal::service('acquia_contenthub.acquia_contenthub_export_entities');

  $slice_entity_ids = array_slice($entity_ids, $context['sandbox']['progress'], $entities_per_iteration);
  $ids = array_values($slice_entity_ids);
  if (!empty($ids)) {
    $entities = \Drupal::entityTypeManager()
      ->getStorage($entity_type)
      ->loadMultiple($ids);
    foreach ($entities as $entity) {
      if ($entity_manager->isEligibleEntity($entity)) {
          // Entity is eligible, then re-export.
          $export_controller->exportEntities([$entity]);
      }
    }
  }
  $context['sandbox']['progress'] += count($ids);

  $enqueued = implode(',', $ids);
  $message = empty($enqueued) ? "Enqueuing '$entity_type' ($bundle) entities: No entities to queue." :  "Enqueuing '$entity_type' ($bundle) entities with IDs: " . $enqueued . "\n";

  $context['results']['total'] += count($ids);
  $context['message'] = $message;

  if ($context['sandbox']['progress'] != $context['sandbox']['max']) {
    $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
  }

}

function export_enqueue_finished($success, $results, $operations) {
  // The 'success' parameter means no fatal PHP errors were detected. All
  // other error management should be handled using 'results'.
  if ($success) {
    $message = 'Total number of enqueued entities: ' . $results['total'];
  }
  else {
    $message = t('Finished with an error.');
  }
  drush_print($message);
}

content-hub-enqueue-entity-eligibility.php

<?php

    namespace Drupal\acquia_contenthub_publisher\EventSubscriber\EnqueueEligibility;

    use Drupal\acquia_contenthub_publisher\AcquiaContentHubPublisherEvents;
    use Drupal\acquia_contenthub_publisher\Event\ContentHubEntityEligibilityEvent;
    use Drupal\file\FileInterface;
    use Symfony\Component\EventDispatcher\EventSubscriberInterface;

    /**
     * Subscribes to entity eligibility to prevent enqueueing temporary files.
     */
    class FileIsTemporary implements EventSubscriberInterface {

      /**
       * {@inheritdoc}
       */
      public static function getSubscribedEvents() {
        $events[AcquiaContentHubPublisherEvents::ENQUEUE_CANDIDATE_ENTITY][] = ['onEnqueueCandidateEntity', 50];
        return $events;
      }

      /**
       * Prevent temporary files from enqueueing.
       *
       * @param \Drupal\acquia_contenthub_publisher\Event\ContentHubEntityEligibilityEvent $event
       *   The event to determine entity eligibility.
       */
      public function onEnqueueCandidateEntity(ContentHubEntityEligibilityEvent $event) {
        // If this is a file with status = 0 (TEMPORARY FILE) do not export it.
        // This is a check to avoid exporting temporary files.
        $entity = $event->getEntity();
        if ($entity instanceof FileInterface && $entity->isTemporary()) {
          $event->setEligibility(FALSE);
          $event->stopPropagation();
        }
      }

    }

ach-bulk-import.php

<?php
/**
 * @file
 * Add entities from Content Hub to the Import Queue.
 *
 * Please locate this field in the 'scripts' directory as a sibling of docroot:
 * <DOCROOT>/../scripts/ach-bulk-import.php
 *
 * To run the script, execute the drush command:
 * $drush scr ../scripts/ach-bulk-import.php
 *
 * Make sure to enable the Import Queue before executing this script.
 *
 * Notes:
 *
 * 1) If you want to explicitly avoid importing a particular entity type, please
 *    add it to the list of $global_excluded_types.
 * 2) By default importing includes all dependencies. To change this behavior
 *    change the variable $include_dependencies to FALSE.
 * 3) You can decided whether to publish entities after importing them. To
 *    publish entities after importing, set variable $publishing_status to 1.
 *    Setting $publishing_status to 0 imports them as unpublished.
 * 4) You can decide to use FIFO (first exported entities are imported first),
 *    or LIFO (last exported entities are imported first), according to the
 *    $fifo variable: $fifo = 1 uses FIFO, $fifo = 0 uses LIFO.
 * 5) You can set the author of the nodes to be imported locally. Example: If
 *    you set the $uid = 1, it will import all nodes as administrator (author
 *    is administrator). Change it to specific UID to use as author.
 */

use Drupal\acquia_contenthub\ContentHubEntityDependency;
use Drupal\Component\Serialization\Json;

// Global exclusion of entity types.
$global_excluded_types = [
  //   'redirect' => 'redirect',
];

// Include importing dependencies. By default it is "TRUE".
$include_dependencies = TRUE;

// Determine if we want to publish imported entities or not.
// 1: Publish entities, 0: Do not publish.
$publishing_status = 1;

// If TRUE, it will import from the last page to the first (FIFO: first entities
// exported will be the first to import), otherwise will use LIFO (Last exported
// entities will be imported first).
$fifo = TRUE;

// Determine the author UUID for the nodes to be created.
$uid = 1; // administrator.
$user = \Drupal\user\Entity\User::load($uid);
$author = $user->uuid();

/** @var \Drupal\acquia_contenthub\ContentHubEntitiesTracking $entities_tracking */
$entities_tracking = \Drupal::service('acquia_contenthub.acquia_contenthub_entities_tracking');

// Loading ClientManager to be able to execute requests to Content Hub and
// to check connection.
/** @var \Drupal\acquia_contenthub\Client\ClientManager $client_manager */
$client_manager = \Drupal::service('acquia_contenthub.client_manager');
$client = $client_manager->getConnection();

// The ImportEntityManager Service allows to import entities.
/** @var \Drupal\acquia_contenthub\ImportEntityManager $import_manager */
$import_manager = \Drupal::service("acquia_contenthub.import_entity_manager");

// List all the 'dependent' entities type IDs.
$dependent_entity_type_ids = ContentHubEntityDependency::getPostDependencyEntityTypes();

$excluded_types = array_merge($global_excluded_types, $dependent_entity_type_ids);

// Checks whether the import queue has been enabled.
$import_with_queue = \Drupal::config('acquia_contenthub.entity_config')->get('import_with_queue');
if (!$import_with_queue) {
  drush_user_abort('Please enable the Import Queue.');
}

// Check if the site is connected to Content Hub.
if (!$client_manager->isConnected()) {
  return;
}

$list = $client_manager->createRequest('listEntities', [[]]);
$total = floor($list['total'] / 1000) * 1000;

// Starting page.
$start = $fifo ? $total : 0;
// Step
$step = $fifo ? -1000 : 1000;

// Counter of queued entities.
$i = 0;
do {
  // List all entities you want to import by modifying the $options array.
  /*
  * Example of how to structure the $options parameter:
  *
  * $options = [
  *     'type'   => 'node',
  *     'origin' => '11111111-1111-1111-1111-111111111111',
  *     'filters' => [
  *         'status' => 1,
  *         'title' => 'New*',
  *         'body' => '/Boston/',
  *     ],
  * ];
  *
  */
  $options = [
    'start' => $start,
  ];
  $list = $client_manager->createRequest('listEntities', [$options]);
  foreach ($list['data'] as $entity) {
    $i++;
    // We do not want to import "dependent" entities.
    // These 3 lines are not needed in this example, but if we are listing all
    // entities, make sure to exclude dependent entities to be sent directly to
    // the importRemoteEntity() method because you would not be sure if their
    // host (parent) entity exist in the system yet.
    if (in_array($entity['type'], $excluded_types)) {
      drush_print("{$i}) Skipped entity type = {$entity['type']} , UUID = {$entity['uuid']} (Dependent or excluded entity type)");
      continue;
    }

    // Do not import the entity if it has been previously imported and has the
    // same "modified" flag, which means there are no new updates on the entity.
    if ($imported_entity = $entities_tracking->loadImportedByUuid($entity['uuid'])) {
      if ($imported_entity->getModified() === $entity['modified']) {
        drush_print("{$i}) Skipped entity type = {$entity['type']} , UUID = {$entity['uuid']} (Entity already imported)");
        continue;
      }
    }

    // Add entity to import queue.
    try {
      $response = $import_manager->addEntityToImportQueue($entity['uuid'], $include_dependencies, $author, $publishing_status);
      $status = Json::decode($response->getContent());
      if (!empty($status['status']) && $status['status'] == 200) {
        drush_print("{$i}) Entity added to import queue: type = {$entity['type']} , UUID = {$entity['uuid']}");
      }
      else {
        drush_print("{$i}) ERROR: Cannot add entity to import queue: type = {$entity['type']} , UUID = {$entity['uuid']}");
      }
    } catch (\Drupal\Core\Entity\EntityStorageException $ex) {
      drush_print("{$i}) ERROR: Failed to add entity to import queue: type = {$entity['type']} , UUID = {$entity['uuid']} [{$ex->getMessage()}]");
    }
  }
  $start = $start + $step;
  $exit_condition = $fifo ? $start >= 0 : $start <= $total;
} while ($exit_condition);

content-hub-publish-entities.php


<?php

   namespace Drupal\acquia_contenthub_publisher\EventSubscriber\PublishEntities;

   use Drupal\acquia_contenthub_publisher\AcquiaContentHubPublisherEvents;
   use Drupal\acquia_contenthub_publisher\Event\ContentHubPublishEntitiesEvent;
   use Drupal\acquia_contenthub_publisher\PublisherTracker;
   use Drupal\Core\Database\Connection;
   use Symfony\Component\EventDispatcher\EventSubscriberInterface;

   class RemoveUnmodifiedEntities implements EventSubscriberInterface {

  /**
   * The database connection.
   *
   * @var \Drupal\Core\Database\Connection
   */
  protected $database;

   /**
   * RemoveUnmodifiedEntities constructor.
   *
   * @param \Drupal\Core\Database\Connection $database
   *   The database connection.
   */
   public function __construct(Connection $database) {
    $this->database = $database;
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    $events[AcquiaContentHubPublisherEvents::PUBLISH_ENTITIES][] = ['onPublishEntities', 1000];
    return $events;
  }

  /**
   * Removes unmodified entities before publishing.
   *
   * @param \Drupal\acquia_contenthub_publisher\Event\ContentHubPublishEntitiesEvent $event
   */
  public function onPublishEntities(ContentHubPublishEntitiesEvent $event) {
    $dependencies = $event->getDependencies();
    $uuids = array_keys($dependencies);
    $query = $this->database->select('acquia_contenthub_publisher_export_tracking', 't')
      ->fields('t', ['entity_uuid', 'hash']);
    $query->condition('t.entity_uuid', $uuids, 'IN');
    $query->condition('t.status', [PublisherTracker::CONFIRMED, PublisherTracker::EXPORTED], 'IN');
    $results = $query->execute();
    foreach ($results as $result) {
      // Can't check it if it doesn't have a hash.
      // @todo make this a query.
      if (!$result->hash) {
        continue;
      }
      $wrapper = $dependencies[$result->entity_uuid];
      if ($wrapper->getHash() == $result->hash) {
        $event->removeDependency($result->entity_uuid);
      }
    }
  }

}

Personalization

ACSF-D8-settings-sample-factory-hook.php

<?php

/**
 * @file
 * Contains Environment variables.
 */
$ah_env = isset($_ENV['AH_SITE_ENVIRONMENT']) ? $_ENV['AH_SITE_ENVIRONMENT'] : NULL;
$ah_group = isset($_ENV['AH_SITE_GROUP']) ? $_ENV['AH_SITE_GROUP'] : NULL;
$is_ah_env = (bool) $ah_env;
$is_ah_prod_env = ($ah_env == 'prod' || $ah_env == '01live');
$is_ah_stage_env = ($ah_env == 'test' || $ah_env == '01test');
$is_ah_preview_env = ($ah_env == 'preview' || $ah_env == '01preview');
$is_ah_dev_cloud = (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'devcloud'));
$is_ah_dev_env = (preg_match('/^dev[0-9]*$/', $ah_env) || $ah_env == '01dev');
$is_acsf = (!empty($ah_group) && file_exists("/mnt/files/$ah_group.$ah_env/files-private/sites.json"));
$acsf_db_name = $is_acsf ? $GLOBALS['gardens_site_settings']['conf']['acsf_db_name'] : NULL;
$is_local_env = !$is_ah_env;
$is_domain_a= (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'domaina'));
$is_domain_b= (!empty($_SERVER['HTTP_HOST']) && strstr($_SERVER['HTTP_HOST'], 'domainb'));


/**
 * @file
 * Contains Acquia Lift and Content Hub configuration.
 */
if ($is_ah_env && $is_domain_a) {
  switch ($ah_env) {
    case '01live':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_prod'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below

      // Configure these at at /admin/config/services/acquia-contenthub and run
      // "drush cget acquia_contenthub.admin_settings --include-overridden" to get all the settings.
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_prod'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
      break;
    case '01test':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_test'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_test'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
      break;
    case '01dev':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_a_dev'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_a_dev'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
      break;
  }
}

if ($is_ah_env && $is_domain_b) {
  switch ($ah_env) {
    case '01live':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_prod'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_prod'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
      break;
    case '01test':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_test'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_test'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
      break;
    case '01dev':
      $config['acquia_lift.settings']['credential']['account_id'] = 'LIFTACCOUNT';
      $config['acquia_lift.settings']['credential']['site_id'] = 'site_id_domain_b_dev'; //Set in Lift Profile Manager
      $config['acquia_lift.settings']['credential']['content_origin'] = '12312312312312312312312'; //Same as origin below
      $config['acquia_contenthub.admin_settings']['api_key'] = '121231231231'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['secret_key'] = '123123123123123123123123123'; //Get from Profile Manager Customer Details
      $config['acquia_contenthub.admin_settings']['client_name'] = 'site_id_domain_b_dev'; //Arbitrary but usually matches site_id
      $config['acquia_contenthub.admin_settings']['origin'] = '12312312312312312312312';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];      
      break;
  }
}




if ($is_local_env) {
  $config['acquia_lift.settings']['credential']['customer_site'] = 'local';
  $config['acquia_contenthub.admin_settings']['origin'] = 'Not connected';
}

D7-example-settings.php

<?php
if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
  switch ($_ENV['AH_SITE_ENVIRONMENT']) {
case 'prod':
    // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
    $conf['acquia_lift_site_id'] = 'domain_prod'; //Unique
    // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder (value should match origin below)
    //$conf['acquia_lift_content_origin'] = '';

    // Acquia Content Hub Settings for dev - Create client_name in Content Hub module
    $conf['content_hub_connector_client_name'] = 'domain_prod'; //Unique
    $conf['content_hub_connector_origin'] = ''; //Unique
    break;

  case 'test':
    // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
    $conf['acquia_lift_site_id'] = 'domain_test'; //Unique
    // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder (value should match origin below)
    //$conf['acquia_lift_content_origin'] = '';

    // Acquia Content Hub Settings for dev - Create client_name in Content Hub module
    $conf['content_hub_connector_client_name'] = 'domain_test'; //Unique
    $conf['content_hub_connector_origin'] = ''; //Unique
    break;

  case 'dev':
    // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
    $conf['acquia_lift_site_id'] = 'domain_dev'; //Unique
    // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder (value should match origin below)
    //$conf['acquia_lift_content_origin'] = '';

    // Acquia Content Hub Settings for dev - Create client_name in Content Hub module
    $conf['content_hub_connector_client_name'] = 'domain_dev'; //Unique
    $conf['content_hub_connector_origin'] = ''; //Unique
  }
}

D8-example-settings.php

<?php
if (isset($_ENV['AH_SITE_ENVIRONMENT'])) {
  switch ($_ENV['AH_SITE_ENVIRONMENT']) {
case 'prod':
  // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
  $config['acquia_lift.settings']['credential']['site_id'] = 'mysite_prod';
      // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder
  //$config['acquia_lift.settings']['credential']['content_origin'] = 'will be generated on /admin/config/services/acquia-contenthub';

  // Acquia Content Hub Settings for prod - Create client_name in Content Hub module
      // Run "drush cget acquia_contenthub.admin_settings --include-overridden" to get all the settings.
  $config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
  $config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
  break;

case 'test':
  // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
  $config['acquia_lift.settings']['credential']['site_id'] = 'mysite_test';
      // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder
  //$config['acquia_lift.settings']['credential']['content_origin'] = 'will be generated on /admin/config/services/acquia-contenthub';

  // Acquia Content Hub Settings for test - Create client_name in Content Hub module
  $config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
  $config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
  break;

case 'dev':
  // Acquia Lift Unique Values - Create in Lift Profile Manager Admin > Manage Configuration Data > Customer Sites
  $config['acquia_lift.settings']['credential']['site_id'] = 'mysite_dev';
      // Uncomment this if you only want Content Hub content from this environment to show in Experience Builder
  //$config['acquia_lift.settings']['credential']['content_origin'] = 'will be generated on /admin/config/services/acquia-contenthub';

  // Acquia Content Hub Settings for dev - Create client_name in Content Hub module
  $config['acquia_contenthub.admin_settings']['client_name'] = 'create at /admin/config/services/acquia-contenthub';
  $config['acquia_contenthub.admin_settings']['origin'] = 'will be generated on /admin/config/services/acquia-contenthub';
      $config['acquia_contenthub.admin_settings']['webhook'] = [
        'uuid' => 'will be generated on /admin/config/services/acquia-contenthub',
        'url' => 'create at /admin/config/services/acquia-contenthub',
        'settings_url' => 'will be generated on /admin/config/services/acquia-contenthub',
      ];
  break;
  }
}

LiftWebJavaClient-HMACv1.java

package com.acquia.lift.examples;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;

/**
 * Example Java client for talking to Lift Web API.
 * 
 * Please note this class is for illustrative purposes only
 *  - it's not thread-safe
 *  - it does not clean resources completely after itself
 *  - may not be as performant as you'd want
 */
public class LiftWebJavaClient {

    /**
     * The API URL for Lift Web.
     */
    private String apiUrl;

    /**
     * The Lift Web account name to use.
     */
    private String accountId;

    /**
     * The access key to use for authorization.
     */
    private String accessKey;

    /**
     * The secret key to use for authorization.
     */
    private String secretKey;

    /**
     * The list of headers that can be used in the canonical request.
     */
    private static final String[] HEADER_WHITE_LIST = { "Accept", "Host", "User-Agent" };

    /**
     * HMAC SHA1 algorithm constant
     */
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";

    /**
     * UTF8 encoding
     */
    private static final String UTF8 = "UTF-8";

    /**
     * constructor
     *
     * @param accountId The name of the Lift Web account.
     * @param apiUrl The URL to use for API calls.
     * @param accessKey The access key to use for authorization.
     * @param secretKey The secret key to use for authorization.
     */
    private LiftWebJavaClient(String accountId, String apiUrl, String accessKey, String secretKey) {
        this.accountId = accountId;
        this.apiUrl = apiUrl;
        this.accessKey = accessKey;
        this.secretKey = secretKey;
    }

    /**
     * Generates an endpoint for a particular section of the Lift Web API.
     *
     * @param path The endpoint path, e.g. 'segments' or 'events/my-event'
     * @return String The endpoint to make calls to.
     */
    protected String generateEndpoint(String path) {
        return this.apiUrl + "/dashboard/rest/" + this.accountId + "/" + path;
    }

    /**
     * Returns the canonical representation of a provided HTTP request.
     *
     * @param httpRequest request
     * @return String The canonical representation of the request.
     */
    private String canonicalizeRequest(HttpRequest httpRequest) throws Exception {
        StringBuilder sb = new StringBuilder();
        sb.append(httpRequest.getRequestLine().getMethod().toUpperCase()).append("\n");

        for (String headerName : LiftWebJavaClient.HEADER_WHITE_LIST) {
            Header header = httpRequest.getFirstHeader(headerName);
            if (header != null) {
                String lowercaseHeaderName = headerName.toLowerCase();
                String trimmedHeaderValue = header.getValue().trim();
                sb.append(lowercaseHeaderName).append(":").append(trimmedHeaderValue).append("\n");
            }
        }

        URI uri = new URI(httpRequest.getRequestLine().getUri());
        sb.append(uri.getPath());

        String query = uri.getQuery();
        if (query != null && query.trim().length() > 0) {
            List<String> parameterNameValuePairs = Arrays.<String> asList(query.split("&"));
            if (parameterNameValuePairs.size() > 0) {
                Collections.sort(parameterNameValuePairs);
                sb.append("?").append(parameterNameValuePairs.get(0));
                for (int i = 1; i < parameterNameValuePairs.size(); i++) {
                    sb.append("&").append(parameterNameValuePairs.get(i));
                }
            }
        }

        return sb.toString();
    }

    /**
     * calculates HMAC representation of the data using provided algorithm and key
     *
     *@param algorithm algorithm of choice; for us always SHA1
     *@param data to hash
     * @param key to has it with
     */
    private String hashHMAC(String algorithm, String data, String key) throws Exception {
        String result;
        SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(LiftWebJavaClient.UTF8),
            algorithm);
        Mac mac = Mac.getInstance(algorithm);
        mac.init(signingKey);
        byte[] rawHmac = mac.doFinal(data.getBytes());
        result = Base64.encodeBase64String(rawHmac);
        return result;
    }

    /**
     * adds 'Authorization' header to the request
     *
     * @param httpRequest request
     */
    private void addAuthenticationCredentials(HttpRequest httpRequest) throws Exception {
        // if access key is not provided, it means REST APIs are not authenticated
        if (accessKey == null) {
            return;
        }
        String canonical = canonicalizeRequest(httpRequest);
        String hmac = hashHMAC(LiftWebJavaClient.HMAC_SHA1_ALGORITHM, canonical, this.secretKey);
        String authorizationHeader = "HMAC " + this.accessKey + ":" + hmac;

        System.out.println(authorizationHeader);
        httpRequest.addHeader("Authorization", authorizationHeader);
    }

    /**
     * when using Apache HTTP Client library, we need to correctly inject the authorization header
     * 
     * @returns an HTTP Client that can be used to submit a request
     */
    private CloseableHttpClient createHttpClient() {
        return HttpClientBuilder.create().addInterceptorLast(new HttpRequestInterceptor() {

            @Override
            public void process(HttpRequest request, HttpContext context) throws HttpException,
                    IOException {
                try {
                    addAuthenticationCredentials(request);
                } catch(Exception e) {
                    throw new IOException(e.getMessage(), e);
                }
            }
        }).build();
    }

    /**
     * converts the response body into a string
     * 
     * @param httpResponse
     * @return String representation of the HTTP response body, if possible
     */
    protected String readResponse(HttpResponse httpResponse) throws Exception {
        HttpEntity entity = httpResponse.getEntity();
        BufferedReader br = new BufferedReader(new InputStreamReader(entity.getContent(),
            LiftWebJavaClient.UTF8));
        StringBuilder body = new StringBuilder("");
        String line = null;
        while ((line = br.readLine()) != null) {
            if (body.length() > 0) {
                body.append("\n");
            }
            body.append(line);
        }
        br.close();
        return body.toString().trim();
    }

    //
    // EXAMPLES START HERE
    //

    /**
     * these are several examples in the code
     */
    public static void main(String[] args) throws Exception {

        String accountId = "your_account_id";
        String accessKey = "your_access_key"; // or null if the REST APIs are not authenticated
        String secretKey = "your_secret_key";
        String apiUrl = "your_apiUrl";

        LiftWebJavaClient client = new LiftWebJavaClient(accountId, apiUrl, accessKey, secretKey);

        // example 1 - get segments

        {
            String segmentsPath = "segments";
            String url = client.generateEndpoint(segmentsPath);
            HttpGet httpGet = new HttpGet(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(httpGet);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode == 200) {
                    System.out.println(client.readResponse(httpResponse));
                } else {
                    throw new Exception("status not HTTP OK"
                            + httpResponse.getStatusLine().toString());
                }
            }
        }

        // example 2 - put event
        {
            String eventName = "LiftWebRESTEEventExample";
            String eventType = "OTHER";

            String eventsPath = "events/" + eventName + "?type=" + eventType;
            String url = client.generateEndpoint(eventsPath);
            HttpPut request = new HttpPut(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(request);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode != 200) {

                    if (httpResponse.getStatusLine().getStatusCode() != 200) {
                        throw new Exception("status not HTTP OK"
                                + httpResponse.getStatusLine().toString());
                    }
                }
            }
        }

        // example 3 - delete event
        {
            String eventName = "LiftWebRESTEEventExample";

            String eventsPath = "events/" + eventName;
            String url = client.generateEndpoint(eventsPath);
            HttpDelete request = new HttpDelete(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(request);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode != 200) {

                    if (httpResponse.getStatusLine().getStatusCode() != 200) {
                        throw new Exception("status not HTTP OK"
                                + httpResponse.getStatusLine().toString());
                    }
                }
            }
        }

    }
}

LiftWebJavaClient-HMACv2.java

package com.acquia.lift.examples;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;

import com.acquia.http.HMACHttpRequestInterceptor;
import com.acquia.http.HMACHttpResponseInterceptor;

/**
 * Example Java client for talking to Lift Web API.
 * 
 * Please note this class is for illustrative purposes only
 *  - it's not thread-safe
 *  - it does not clean resources completely after itself
 *  - may not be as performant as you'd want
 */
public class LiftWebJavaClient {

    /**
     * The API URL for Lift Web.
     */
    private String apiUrl;

    /**
     * The Lift Web account name to use.
     */
    private String accountId;

    /**
     * The access key to use for authorization.
     */
    private String accessKey;

    /**
     * The secret key to use for authorization.
     */
    private String secretKey;

    /**
     * UTF8 encoding
     */
    private static final String UTF8 = "UTF-8";

    /**
     * constructor
     *
     * @param accountId The name of the Lift Web account.
     * @param apiUrl The URL to use for API calls.
     * @param accessKey The access key to use for authorization.
     * @param secretKey The secret key to use for authorization.
     */
    private LiftWebJavaClient(String accountId, String apiUrl, String accessKey, String secretKey) {
        this.accountId = accountId;
        this.apiUrl = apiUrl;
        this.accessKey = accessKey;
        this.secretKey = secretKey;
    }

    /**
     * Generates an endpoint for a particular section of the Lift Web API.
     *
     * @param path The endpoint path, e.g. 'segments' or 'events/my-event'
     * @return String The endpoint to make calls to.
     */
    protected String generateEndpoint(String path) {
        return this.apiUrl + "/" + this.accountId + "/" + path;
    }

    /**
     * when using Apache HTTP Client library, we need to correctly inject the authorization header
     * 
     * @returns an HTTP Client that can be used to submit a request
     */
    private CloseableHttpClient createHttpClient() {
        HttpClientBuilder clientBuilder = HttpClientBuilder.create();

        HMACHttpRequestInterceptor requestInterceptor = new HMACHttpRequestInterceptor("Acquia",
            this.accessKey, this.secretKey, "SHA256") { //v2 only supports SHA256

            @Override
            public void process(HttpRequest request, HttpContext context)
                    throws HttpException, IOException {
                super.process(request, context);
            }

        };
        clientBuilder.addInterceptorLast(requestInterceptor);

        HMACHttpResponseInterceptor responseInterceptor = new HMACHttpResponseInterceptor(
            this.secretKey, "SHA256"); //v2 only supports SHA256
        clientBuilder.addInterceptorLast(responseInterceptor);

        return clientBuilder.build();
    }

    /**
     * converts the response body into a string
     * 
     * @param httpResponse
     * @return String representation of the HTTP response body, if possible
     */
    protected String readResponse(HttpResponse httpResponse) throws Exception {
        HttpEntity entity = httpResponse.getEntity();
        BufferedReader br = new BufferedReader(
            new InputStreamReader(entity.getContent(), LiftWebJavaClient.UTF8));
        StringBuilder body = new StringBuilder("");
        String line = null;
        while ((line = br.readLine()) != null) {
            if (body.length() > 0) {
                body.append("\n");
            }
            body.append(line);
        }
        br.close();
        return body.toString().trim();
    }

    //
    // EXAMPLES START HERE
    //

    /**
     * these are several examples in the code
     */
    public static void main(String[] args) throws Exception {

        String accountId = "your_account_id";
        String accessKey = "your_access_key"; // or null if the REST APIs are not authenticated
        String secretKey = "your_secret_key";
        String apiUrl = "your_apiUrl";

        LiftWebJavaClient client = new LiftWebJavaClient(accountId, apiUrl, accessKey, secretKey);

        // example 1 - get segments
        {
            String segmentsPath = "segments";
            String url = client.generateEndpoint(segmentsPath);
            HttpGet httpGet = new HttpGet(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(httpGet);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode == 200) {
                    System.out.println(client.readResponse(httpResponse));
                } else {
                    throw new Exception(
                        "status not HTTP OK" + httpResponse.getStatusLine().toString());
                }
            }
        }

        // example 2 - put event
        {
            String eventName = "LiftWebRESTEEventExample";
            String eventType = "OTHER";

            String eventsPath = "events/" + eventName + "?type=" + eventType;
            String url = client.generateEndpoint(eventsPath);
            HttpPut request = new HttpPut(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(request);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode != 200) {
                    throw new Exception(
                        "status not HTTP OK" + httpResponse.getStatusLine().toString());
                }
            }
        }

        // example 3 - delete event
        {
            String eventName = "LiftWebRESTEEventExample";

            String eventsPath = "events/" + eventName;
            String url = client.generateEndpoint(eventsPath);
            HttpDelete request = new HttpDelete(url);
            try (CloseableHttpClient httpClient = client.createHttpClient()) {
                HttpResponse httpResponse = httpClient.execute(request);
                int statusCode = httpResponse.getStatusLine().getStatusCode();
                System.out.println(statusCode);
                if (statusCode != 200) {
                    throw new Exception(
                        "status not HTTP OK" + httpResponse.getStatusLine().toString());
                }
            }
        }

    }

}

LiftWebPHPClient.php

<?php
/**
 * @file
 * Example PHP client for talking to Lift Web API.
 */

class LiftWebPHPClient {
  /**
   * An http client for making calls to Lift Web.
   */
  protected $httpClient;

  /**
   * The API URL for Lift Web.
   *
   * @var string
   */
  protected $apiUrl;

  /**
   * The Lift Web account ID to use.
   *
   * @var string
   */
  protected $accountId;

  /**
   * The access key to use for authorization.
   *
   * @var string
   */
  protected $accessKey;

  /**
   * The secret key to use for authorization.
   *
   * @var string
   */
  protected $secretKey;

  /**
   * The list of headers that can be used in the canonical request.
   *
   * @var array
   */
  protected $headerWhitelist = array(
    'Accept',
    'Host',
    'User-Agent'
  );

  /**
   * The singleton instance.
   *
   * @var ALProfilesAPI
   */
  private static $instance;

  /**
   * Singleton factory method.
   *
   * @param $account_id
   *   The ID of the Lift Web account.
   * @param $api_url
   *   The URL to use for API calls.
   * @param $access_key
   *   The access key to use for authorization.
   * @param $secret_key
   *   The secret key to use for authorization.
   *
   * @return ALProfilesAPI
   */
  public static function getInstance($account_id, $customer_site, $api_url, $access_key, $secret_key) {
    if (empty(self::$instance)) {
      self::$instance = new self($account_id, $customer_site, $api_url, $access_key, $secret_key);
    }
    return self::$instance;
  }

  /**
   * Private constructor as this is a singleton.
   *
   * @param $account_id
   *   The ID of the Lift Web account.
   * @param $api_url
   *   The URL to use for API calls.
   * @param $access_key
   *   The access key to use for authorization.
   * @param $secret_key
   *   The secret key to use for authorization.
   */
  private function __construct($account_id, $site, $api_url, $access_key, $secret_key) {
    $this->accountId = $account_id;
    $this->customerSite = $site;
    $this->apiUrl = $api_url;
    $this->accessKey = $access_key;
    $this->secretKey = $secret_key;
  }

  /**
   * Returns an http client to use for Lift Web calls.
   */
  protected function httpClient() {
    if (!isset($this->httpClient)) {
      $this->httpClient = new AcquiaLiftDrupalHttpClient();
    }
    return $this->httpClient;
  }

  /**
   * Generates an endpoint for a particular section of the Lift Web API.
   *
   * @param string $path
   *   The endpoint path, e.g. 'segments' or 'events/my-event'
   * @return string
   *   The endpoint to make calls to.
   */
  protected function generateEndpoint($path) {
    return $this->apiUrl . '/dashboard/rest/' . $this->accountId . '/' . $path;
  }

  /**
   * Returns the canonical representation of a request.
   *
   * @param $method
   *   The request method, e.g. 'GET'.
   * @param $path
   *   The path of the request, e.g. '/dashboard/rest/[ACCOUNTID]/segments'.
   * @param array $parameters
   *   An array of request parameters.
   * @param array $headers
   *   An array of request headers.
   * @param bool $add_extra_headers
   *   Whether to add the extra headers that we know drupal_http_request will add
   *   to the request. Set to FALSE if the request will not be handled by
   *   drupal_http_request.
   *
   * @return string
   *   The canonical representation of the request.
   */
  public function canonicalizeRequest($method, $url, $parameters = array(), $headers = array(), $add_extra_headers = TRUE) {
    $parsed_url = parse_url($url);
    $str = strtoupper($method) . "\n";
    // Certain headers may get added to the actual request so we need to
    // add them here.
    if ($add_extra_headers && !isset($headers['User-Agent'])) {
      $headers['User-Agent'] = 'Drupal (+http://drupal.org/)';
    }
    if ($add_extra_headers && !isset($headers['Host'])) {
      $headers['Host'] = $parsed_url['host'] . (!empty($parsed_url['port']) ? ':' . $parsed_url['port'] : '');
    }
    // Sort all header names alphabetically.
    $header_names = array_keys($headers);
    uasort($header_names, create_function('$a, $b', 'return strtolower($a) < strtolower($b) ? -1 : 1;'));
    // Add each header (trimmed and lowercased) and value to the string, separated by
    // a colon, and with a new line after each header:value pair.
    foreach ($header_names as $header) {
      if (!in_array($header, $this->headerWhitelist)) {
        continue;
      }
      $str .= trim(strtolower($header)) . ':' . trim($headers[$header]) . "\n";
    }
    // Add the path.
    $str .= $parsed_url['path'];
    // Sort any parameters alphabetically and add them as a querystring to our string.
    if (!empty($parameters)) {
      ksort($parameters);
      $first_param = key($parameters);
      $str .= '?' . $first_param . '=' . array_shift($parameters);
      foreach ($parameters as $key => $value) {
        $str .= '&' . $key . '=' . $value;
      }
    }
    return $str;
  }

  /**
   * Returns a string to use for the 'Authorization' header.
   *
   * @return string
   */
  public function getAuthHeader($method, $path, $parameters = array(), $headers = array()) {
    $canonical = $this->canonicalizeRequest($method, $path, $parameters, $headers, is_a($this->httpClient(), 'AcquiaLiftDrupalHttpClient'));
    $binary = hash_hmac('sha1', (string) $canonical, $this->secretKey, TRUE);
    $hex = hash_hmac('sha1', (string) $canonical, $this->secretKey, FALSE);
    $hmac = base64_encode($binary);
    return 'HMAC ' . $this->accessKey . ':' . $hmac;
  }

  /**
   * Example method that makes a call to the "example" endpoint.
   */
  public function getMakeAPICall() {
    // First get our Authorization header.
    $headers = array('Accept' => 'application/json');
    $url = $this->generateEndpoint('example');
    $params = array();
    if (!empty($this->customerSite)) {
      $params['customerSite'] = $this->customerSite;
    }
    $auth_header = $this->getAuthHeader('GET', $url, $params, $headers);
    $headers += array('Authorization' => $auth_header);
    $querystring = empty($this->customerSite) ? '' : '?customerSite=' . rawurlencode($this->customerSite);
    $response = $this->httpClient()->get($url . $querystring, $headers);
    // Do something with the response.
  }

}

Site Factory

acsf-backups.php

#!/usr/bin/env php
<?php

use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;

// Example script for making backups of several sites through the REST API.
// Two things are left up to the script user:
// - Including Guzzle, which is used by request();
//   e.g. by doing: 'composer init; composer require guzzlehttp/guzzle'
require 'vendor/autoload.php';

// - Populating $config:
$config = [
  // URL of a subsection inside the SF REST API; must end with sites/.
  'url' => 'https://www.[CLIENT].acsitefactory.com/api/v1/sites/',
  'api_user' => '',
  'api_key' => '',

  // Site IDs of the sites to process; can also be provided as CLI argument.
  'sites' => [],

  // Number of days before backups are deleted; can also be provided on ClI.
  'backup_retention' => 30,

  // Request parameter for /api/v1#List-sites.
  'limit' => 100,

  // The components of the websites to backup.
  // Details: /api/v1#Create-a-site-backup.
  // 'codebase' is excluded from the default components since those files would
  // be the same in each site backup, and cannot be restored into the factory.
  'components' => ['database', 'public files', 'private files', 'themes'],
];

if ($argc < 2 || $argc > 4 || !in_array($argv[1], array('backup-add', 'backup-del'), TRUE)) {
  $help = <<<EOT
    Usage: php application.php parameter [sites] [backup_retention=30].
    Where:
    - parameter is one of {backup-add, backup-del}
    - [sites] is be either a comma separated list (e.g. 111,222,333) or 'all'
    - [backup_retention] the number of days for which the backups should be retained. If passed this threshold they will be deleted when using backup-del command (defaults to 30 days)

EOT;
  echo $help;
  exit(1);
}

// Lower the 'limit' parameter to the maximum which the API allows.
if ($config['limit'] > 100) {
  $config['limit'] = 100;
}

// Check if the list of sites in $config is to be overridden by the provided
// input. If the input is set to 'all' then fetch the list of sites using the
// Site Factory API, otherwise it should be a comma separated list of site IDs.
if ($argc >= 3) {
  if ($argv[2] == 'all') {
    $config['sites'] = get_all_sites($config);
  }
  else {
    // Removing spaces.
    $no_spaces = str_replace(' ', '', $argv[2]);

    // Keeping only IDs that are valid.
    $config['sites'] = array_filter(explode(',', $no_spaces), "id_check");

    // Removing duplicates.
    $config['sites'] = array_unique($config['sites']);
  }
}

// Check if the backup_retention parameter is overwritten.
if ($argc >= 4 && id_check($argv[3])) {
  $config['backup_retention'] = $argv[3];
}

// Helper; returns true if given ID is valid (numeric and > 0), false otherwise.
function id_check($id) {
  return is_numeric($id) && $id > 0;
}

// Fetches the list of all sites using the Site Factory REST API.
function get_all_sites($config) {
  // Starting from page 1.
  $page = 1;

  $sites = array();

  printf("Getting all sites - Limit / request: %d\n", $config['limit']);

  // Iterate through the paginated list until we get all sites, or
  // an error occurs.
  do {
    printf("Getting sites page: %d\n", $page);

    $method = 'GET';
    $url = $config['url'] . "?limit=" . $config['limit'] . "&page=" . $page;
    $has_another_page = FALSE;
    $res = request($url, $method, $config);

    if ($res->getStatusCode() != 200) {
      echo "Error whilst fetching site list!\n";
      exit(1);
    }

    $next_page_header = $res->getHeader('link');
    $response = json_decode($res->getBody()->getContents());

    // If the next page header is present and has a "next" link, we know we
    // have another page.
    if (!empty($next_page_header) && strpos($next_page_header[0], 'rel="next"') !== FALSE) {
      $has_another_page = TRUE;
      $page++;
    }

    foreach ($response->sites as $site) {
      $sites[] = $site->id;
    }
  } while ($has_another_page);

  return $sites;
}

// Helper function to return API user and key.
function get_request_auth($config) {
  return [
    'auth' => [$config['api_user'], $config['api_key']],
  ];
}

// Sends a request using the guzzle HTTP library; prints out any errors.
function request($url, $method, $config, $form_params = []) {
  // We are setting http_errors => FALSE so that we can handle them ourselves.
  // Otherwise, we cannot differentiate between different HTTP status codes
  // since all 40X codes will just throw a ClientError exception.
  $client = new Client(['http_errors' => FALSE]);

  $parameters = get_request_auth($config);
  if ($form_params) {
    $parameters['form_params'] = $form_params;
  }

  try {
    $res = $client->request($method, $url, $parameters);
    return $res;
  }
  catch (RequestException $e) {
    printf("Request exception!\nError message %s\n", $e->getMessage());
  }

  return NULL;
}

// Iterates through backups for a certain site and deletes them if they are
// past the backup_retention mark.
function backup_del($backups, $site_id, $config) {
  // Iterating through existing backups for current site and deleting those
  // that are X days old.
  $time = $config['backup_retention'] . ' days ago';
  foreach ($backups as $backup) {
    $timestamp = $backup->timestamp;
    if ($timestamp < strtotime($time)) {
      printf("Deleting %s with backup (ID: %d).\n", $backup->label, $backup->id);

      $method = 'DELETE';
      $url = $config['url'] . $site_id . '/backups/' . $backup->id;

      $res = request($url, $method, $config);
      if (!$res || $res->getStatusCode() != 200) {
        printf("Error! Whilst deleting backup ID %d. Please check the above messages for the full error.\n", $backup->id);
        continue;
      }
      $task = json_decode($res->getBody()->getContents())->task_id;
      printf("Deleting backup (ID: %d) with task ID %d.\n", $backup->id, $task);
    }
    else {
      printf("Keeping %s since it was created sooner than %s (ID: %d).\n", $backup->label, $time, $backup->id);
    }
  }
}

// Creates or deletes backups depending on the operation given.
function backup($operation, $config) {
  // Setting global operation endpoints and messages.
  if ($operation === 'backup-add') {
    $endpoint = '/backup';
    $message = "Creating backup for site ID %d.\n";
    $method = 'POST';
    $form_params = [
      'components' => $config['components'],
    ];
  }
  else {
    // Unlike in other code, we do not paginate through backups, but we get the
    // maximum for one request.
    $endpoint = '/backups?limit=100';
    $message = "Retrieving old backups for site ID %d.\n";
    $method = 'GET';
    $form_params = [];
  }

  // Iterating through the list of sites defined in secrets.php.
  for ($i = 0; $i < count($config['sites']); $i++) {
    // Sending API request.
    $url = $config['url'] . $config['sites'][$i] . $endpoint;
    $res = request($url, $method, $config, $form_params);

    $message_site = sprintf($message, $config['sites'][$i]);
    // If request returned an error, we show that and
    // we continue with another site.
    if (!$res) {
      // An exception was thrown.
      printf('Error whilst %s', $message_site);
      printf("Please check the above messages for the full error.\n");
      continue;
    }
    elseif ($res->getStatusCode() != 200) {
      // If a site has no backups, it will return a 404.
      if ($res->getStatusCode() == 404 && $operation == 'backup-del') {
        printf("Site ID %d has no backups.\n", $config['sites'][$i]);
      }
      else {
        printf('Error whilst %s', $message_site);
        printf("HTTP code %d\n", $res->getStatusCode());
        $body = json_decode($res->getBody()->getContents());
        printf("Error message: %s\n", $body ? $body->message : '<empty>');
      }
      continue;
    }

    // All good here.
    echo $message_site;

    // For deleting backups, we have to iterate through the backups we get.
    if ($operation == 'backup-del') {
      backup_del(json_decode($res->getBody()->getContents())->backups, $config['sites'][$i], $config);
    }
  }
}

backup($argv[1], $config);

acsfd8+.memcache.settings.php

<?php
/**
 * @file
 * Contains caching configuration.
 */
use Composer\Autoload\ClassLoader;

/**
 * Use memcache as cache backend.
 *
 * Autoload memcache classes and service container in case module is not
 * installed. Avoids the need to patch core and allows for overriding the
 * default backend when installing Drupal.
 *
 * @see https://www.drupal.org/node/2766509
 */

if (!function_exists('get_deployment_id')) {
  function get_deployment_id() {
    static $id = NULL;
    if ($id == NULL) {
      $site_settings = $GLOBALS['gardens_site_settings'];
      $deployment_id_file = "/mnt/www/site-php/{$site_settings['site']}.{$site_settings['env']}/.vcs_head_ref";
      if (is_readable($deployment_id_file)) {
        $id = file_get_contents($deployment_id_file);
        if ($id === FALSE) {
          $id = NULL;
        }
      }
      else {
        $id = NULL;
      }
    }
    return $id;
  }
}

if (getenv('AH_SITE_ENVIRONMENT') &&
  array_key_exists('memcache', $settings) &&
  array_key_exists('servers', $settings['memcache']) &&
  !empty($settings['memcache']['servers'])
) {

// Check for PHP Memcached libraries.
$memcache_exists = class_exists('Memcache', FALSE);
$memcached_exists = class_exists('Memcached', FALSE);
$memcache_services_yml = DRUPAL_ROOT . '/modules/contrib/memcache/memcache.services.yml';
$memcache_module_is_present = file_exists($memcache_services_yml);
if ($memcache_module_is_present && ($memcache_exists || $memcached_exists)) {
  // Use Memcached extension if available.
  if ($memcached_exists) {
    $settings['memcache']['extension'] = 'Memcached';
  }
  if (class_exists(ClassLoader::class)) {
    $class_loader = new ClassLoader();
    $class_loader->addPsr4('Drupal\\memcache\\', DRUPAL_ROOT . '/modules/contrib/memcache/src');
    $class_loader->register();
    $settings['container_yamls'][] = $memcache_services_yml;

    // Acquia Default Settings for the memcache module
    // Default settings for the Memcache module.
    // Enable compression for PHP 7.
    $settings['memcache']['options'][Memcached::OPT_COMPRESSION] = TRUE;

    // Set key_prefix to avoid drush cr flushing all bins on multisite.
    $settings['memcache']['key_prefix'] = sprintf('%s%s_', $conf['acquia_hosting_site_info']['db']['name'], get_deployment_id());

    // Decrease latency.
    $settings['memcache']['options'][Memcached::OPT_TCP_NODELAY] = TRUE;

    // Bootstrap cache.container with memcache rather than database.
    $settings['bootstrap_container_definition'] = [
      'parameters' => [],
      'services' => [
        'database' => [
          'class' => 'Drupal\Core\Database\Connection',
          'factory' => 'Drupal\Core\Database\Database::getConnection',
          'arguments' => ['default'],
        ],
        'settings' => [
          'class' => 'Drupal\Core\Site\Settings',
          'factory' => 'Drupal\Core\Site\Settings::getInstance',
        ],
        'memcache.settings' => [
          'class' => 'Drupal\memcache\MemcacheSettings',
          'arguments' => ['@settings'],
        ],
        'memcache.factory' => [
          'class' => 'Drupal\memcache\Driver\MemcacheDriverFactory',
          'arguments' => ['@memcache.settings'],
        ],
        'memcache.timestamp.invalidator.bin' => [
          'class' => 'Drupal\memcache\Invalidator\MemcacheTimestampInvalidator',
          'arguments' => ['@memcache.factory', 'memcache_bin_timestamps', 0.001],
        ],
        'memcache.backend.cache.container' => [
          'class' => 'Drupal\memcache\DrupalMemcacheInterface',
          'factory' => ['@memcache.factory', 'get'],
          'arguments' => ['container'],
        ],
        'cache_tags_provider.container' => [
          'class' => 'Drupal\Core\Cache\DatabaseCacheTagsChecksum',
          'arguments' => ['@database'],
        ],
        'cache.container' => [
          'class' => 'Drupal\memcache\MemcacheBackend',
          'arguments' => [
            'container',
            '@memcache.backend.cache.container',
            '@cache_tags_provider.container',
            '@memcache.timestamp.invalidator.bin',
            '@memcache.settings',
          ],
        ],
      ],
    ];

    // Content Hub 2.x requires the Depcalc module which needs to use the database backend.
    $settings['cache']['bins']['depcalc'] = 'cache.backend.database';

    // Use memcache for bootstrap, discovery, config instead of fast chained
    // backend to properly invalidate caches on multiple webs.
    // See https://www.drupal.org/node/2754947
    $settings['cache']['bins']['bootstrap'] = 'cache.backend.memcache';
    $settings['cache']['bins']['discovery'] = 'cache.backend.memcache';
    $settings['cache']['bins']['config'] = 'cache.backend.memcache';

    // Use memcache as the default bin.
    $settings['cache']['default'] = 'cache.backend.memcache';
  }
}
}

api-dbupdate.txt

#!/bin/sh
## Initiate a code and database update from Site Factory
## Origin: http://docs.acquia.com/site-factory/extend/api/examples

# This script should primarily be used on non-production environments.

# Mandatory parameters:
# env : environment to run update on. Example: dev, pprod, qa2, test.
#       - the api user must exist on this environment.
#       - for security reasons, update of prod environment is *not*
#         supported and must be performed manually through UI
# branch : branch/tag to update. Example: qa-build
# update_type : code or code,db

source $(dirname "$0")/includes/global-api-settings.inc.sh

env="$1"
branch="$2"
update_type="$3"

# add comma to "code,db" if not already entered
if [ "$update_type" == "code,db" ]
then
update_type="code, db"
fi

# Edit the following line, replacing [domain] with the appropriate
# part of your domain name.

curl "https://www.${env}-[domain].acsitefactory.com/api/v1/update" \
-v -u ${user}:${api_key} -k -X POST \
-H 'Content-Type: application/json' \
-d "{\"sites_ref\": \"${branch}\", \"sites_type\": \"${update_type}\"}"

acsf-cache-lifetime.php

<?php

/**
 * @file
 *
 * This post-settings-php hook is created to conditionally set the cache
 * lifetime of Drupal to be a value that is greater than 300 (5 minutes).
 * It also does not let you set it to be lower than 5 minutes.
 *
 * This does not fire on Drush requests, as it interferes with site creation.
 * It also means that drush will report back incorrect values for the 
 * cache lifetime, so using a real browser is the easiest way to validate
 * what the current settings are.
 *
 * How to enable this for a site:
 *  - drush vset acsf_allow_override_page_cache 1
 *  - drush vset page_cache_maximum_age 3600
 */

if (!drupal_is_cli()) {
  $result = db_query("SELECT value FROM {variable} WHERE name = 'acsf_allow_override_page_cache';")->fetchField();
  if ($result) {
    $acsf_allow_override_page_cache = unserialize($result);
    if ($acsf_allow_override_page_cache) {
      $result = db_query("SELECT value FROM {variable} WHERE name = 'page_cache_maximum_age';")->fetchField();
      // An empty array indicates no value was set in the database, so we ignore
      // the site.
      if ($result) {
        $page_cache_maximum_age = (int) unserialize($result);
        if ($page_cache_maximum_age > 300) {
          $conf['page_cache_maximum_age'] = $page_cache_maximum_age;
        }
      }
    }
  }
}

acsf-hook-tx-isolation.php

<?php

/**
 * @file
 * Example implementation of ACSF post-settings-php hook.
 *
 * @see https://docs.acquia.com/site-factory/extend/hooks
 */

// Changing the database transaction isolation level from `REPEATABLE-READ`
// to `READ-COMMITTED` to avoid/minimize the deadlocks.
// @see https://support-acquia.force.com/s/article/360005253954-Fixing-database-deadlocks
// for reference.

$databases['default']['default']['init_commands'] = [
  'isolation' => "SET SESSION tx_isolation='READ-COMMITTED'",
];
if (file_exists('/var/www/site-php')) {
  acquia_hosting_db_choose_active($conf['acquia_hosting_site_info']['db'], 'default', $databases, $conf);
}

Did not find what you were looking for?

If this content did not answer your questions, try searching or contacting our support team for further assistance.

Acquia Help

Filter by product:

Common questions