From 53d98be7ea2c1b9b56b7b8b8beeb9f85f750aea1 Mon Sep 17 00:00:00 2001 From: John Ake Date: Thu, 28 Dec 2023 10:53:29 +0000 Subject: [PATCH] WIP --- .../actions/database-backup/action.yml | 2 +- .../actions/deploy-environment/action.yml | 77 ------------ .../workflows/actions/deploy_v2/action.yml | 2 +- .../workflows/actions/smoke-test/action.yml | 44 ------- .github/workflows/build-and-deploy.yml | 27 ---- Makefile | 118 +++--------------- global_config/development.sh | 7 ++ global_config/preproduction.sh | 7 ++ global_config/production.sh | 7 ++ global_config/review.sh | 7 ++ global_config/test.sh | 7 ++ .../development.backend.tfvars | 3 + .../development.tfvars.json | 13 ++ .../workspace_variables/development_Terrafile | 3 + .../preproduction.backend.tfvars | 3 + .../preproduction.tfvars.json | 23 ++++ .../preproduction_Terrafile | 3 + .../production.backend.tfvars | 3 + .../production.tfvars.json | 27 ++++ .../workspace_variables/production_Terrafile | 3 + .../workspace_variables/review.backend.tfvars | 3 + .../workspace_variables/review.tfvars.json | 14 +++ .../aks/workspace_variables/review_Terrafile | 4 + .../workspace_variables/test.backend.tfvars | 3 + .../aks/workspace_variables/test.tfvars.json | 13 ++ .../aks/workspace_variables/test_Terrafile | 3 + terraform/paas/.gitignore | 1 - terraform/paas/.terraform.lock.hcl | 69 ---------- terraform/paas/app.tf | 103 --------------- terraform/paas/data.tf | 38 ------ terraform/paas/network-policies.tf | 25 ---- terraform/paas/outputs.tf | 3 - terraform/paas/provider.tf | 26 ---- terraform/paas/statuscake.tf | 22 ---- terraform/paas/terraform.tf | 24 ---- terraform/paas/variables.tf | 115 ----------------- .../workspace_variables/dev.backend.tfvars | 3 - .../paas/workspace_variables/dev.tfvars.json | 11 -- .../preprod.backend.tfvars | 3 - .../workspace_variables/preprod.tfvars.json | 19 --- .../production.backend.tfvars | 3 - .../production.tfvars.json | 27 ---- .../workspace_variables/review.backend.tfvars | 3 - .../workspace_variables/review.tfvars.json | 10 -- .../workspace_variables/test.backend.tfvars | 3 - .../paas/workspace_variables/test.tfvars.json | 17 --- 46 files changed, 176 insertions(+), 775 deletions(-) delete mode 100644 .github/workflows/actions/deploy-environment/action.yml delete mode 100644 .github/workflows/actions/smoke-test/action.yml create mode 100644 global_config/development.sh create mode 100644 global_config/preproduction.sh create mode 100644 global_config/production.sh create mode 100644 global_config/review.sh create mode 100644 global_config/test.sh create mode 100644 terraform/aks/workspace_variables/development.backend.tfvars create mode 100644 terraform/aks/workspace_variables/development.tfvars.json create mode 100644 terraform/aks/workspace_variables/development_Terrafile create mode 100644 terraform/aks/workspace_variables/preproduction.backend.tfvars create mode 100644 terraform/aks/workspace_variables/preproduction.tfvars.json create mode 100644 terraform/aks/workspace_variables/preproduction_Terrafile create mode 100644 terraform/aks/workspace_variables/production.backend.tfvars create mode 100644 terraform/aks/workspace_variables/production.tfvars.json create mode 100644 terraform/aks/workspace_variables/production_Terrafile create mode 100644 terraform/aks/workspace_variables/review.backend.tfvars create mode 100644 terraform/aks/workspace_variables/review.tfvars.json create mode 100644 terraform/aks/workspace_variables/review_Terrafile create mode 100644 terraform/aks/workspace_variables/test.backend.tfvars create mode 100644 terraform/aks/workspace_variables/test.tfvars.json create mode 100644 terraform/aks/workspace_variables/test_Terrafile delete mode 100644 terraform/paas/.gitignore delete mode 100644 terraform/paas/.terraform.lock.hcl delete mode 100644 terraform/paas/app.tf delete mode 100644 terraform/paas/data.tf delete mode 100644 terraform/paas/network-policies.tf delete mode 100644 terraform/paas/outputs.tf delete mode 100644 terraform/paas/provider.tf delete mode 100644 terraform/paas/statuscake.tf delete mode 100644 terraform/paas/terraform.tf delete mode 100644 terraform/paas/variables.tf delete mode 100644 terraform/paas/workspace_variables/dev.backend.tfvars delete mode 100644 terraform/paas/workspace_variables/dev.tfvars.json delete mode 100644 terraform/paas/workspace_variables/preprod.backend.tfvars delete mode 100644 terraform/paas/workspace_variables/preprod.tfvars.json delete mode 100644 terraform/paas/workspace_variables/production.backend.tfvars delete mode 100644 terraform/paas/workspace_variables/production.tfvars.json delete mode 100644 terraform/paas/workspace_variables/review.backend.tfvars delete mode 100644 terraform/paas/workspace_variables/review.tfvars.json delete mode 100644 terraform/paas/workspace_variables/test.backend.tfvars delete mode 100644 terraform/paas/workspace_variables/test.tfvars.json diff --git a/.github/workflows/actions/database-backup/action.yml b/.github/workflows/actions/database-backup/action.yml index c5fdb1d06..ef4ebba7e 100644 --- a/.github/workflows/actions/database-backup/action.yml +++ b/.github/workflows/actions/database-backup/action.yml @@ -28,7 +28,7 @@ runs: shell: bash id: set_kv_env_vars run: | - tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}_aks.tfvars.json + tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json cat $tf_vars_file INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file}) NAMESPACE=$(jq -r '.namespace' ${tf_vars_file}) diff --git a/.github/workflows/actions/deploy-environment/action.yml b/.github/workflows/actions/deploy-environment/action.yml deleted file mode 100644 index af4c3c61b..000000000 --- a/.github/workflows/actions/deploy-environment/action.yml +++ /dev/null @@ -1,77 +0,0 @@ -name: Deploy PAAS environment - -inputs: - environment_name: - description: "The name of the environment" - required: true - docker_image: - description: "The Docker image to deploy to the environment" - required: true - azure_credentials: - description: "JSON object containing a service principal that can read from Azure Key Vault" - required: true - terraform_vars: - description: "Path to the tfvars file for the environment" - required: true - pr_id: - description: "Pull Request number" - required: false - -outputs: - environment_url: - description: "The base URL for the deployed environment" - value: ${{ steps.terraform.outputs.url }} - -runs: - using: composite - - steps: - - name: Extract configuration from tfvars - id: config - run: | - KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS) - PAAS_SPACE=$(jq -r '.paas_space' $TFVARS) - - if [ -z "$KEY_VAULT_NAME" ]; then - echo "::error ::Failed to extract key_vault_name from $TFVARS" - exit 1 - fi - - if [ -z "$PAAS_SPACE" ]; then - echo "::error ::Failed to extract paas_space from $TFVARS" - exit 1 - fi - - echo ::set-output name=key_vault_name::$KEY_VAULT_NAME - echo ::set-output name=paas_space::$PAAS_SPACE - shell: bash - env: - TFVARS: ${{ inputs.terraform_vars }} - working-directory: terraform/paas - - - uses: Azure/login@v1 - with: - creds: ${{ inputs.azure_credentials }} - - - uses: Azure/get-keyvault-secrets@v1 - id: get_secrets - with: - keyvault: ${{ steps.config.outputs.key_vault_name }} - secrets: "TFSTATE-CONTAINER-ACCESS-KEY,PAAS-USER,PAAS-PASSWORD" - - - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.10 - terraform_wrapper: false - - - name: Terraform - id: terraform - run: | - make ci ${{ inputs.environment_name }} terraform-apply - cd terraform/paas && echo ::set-output name=url::https://$(terraform output -raw flt_fqdn)/ - env: - ARM_ACCESS_KEY: ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} - TF_VAR_azure_sp_credentials_json: ${{ inputs.azure_credentials }} - TF_VAR_flt_docker_image: ${{ inputs.docker_image }} - pr_id: ${{ inputs.pr_id }} - shell: bash diff --git a/.github/workflows/actions/deploy_v2/action.yml b/.github/workflows/actions/deploy_v2/action.yml index 39a1f3025..b02279970 100644 --- a/.github/workflows/actions/deploy_v2/action.yml +++ b/.github/workflows/actions/deploy_v2/action.yml @@ -59,7 +59,7 @@ runs: - name: Terraform init, plan & apply shell: bash - run: make ci ${{ inputs.environment }} terraform-apply-aks + run: make ci ${{ inputs.environment }} terraform-apply env: ARM_ACCESS_KEY: ${{ inputs.arm-access-key }} DOCKER_IMAGE: ${{ inputs.docker_image }} diff --git a/.github/workflows/actions/smoke-test/action.yml b/.github/workflows/actions/smoke-test/action.yml deleted file mode 100644 index bedb87609..000000000 --- a/.github/workflows/actions/smoke-test/action.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: Run smoke test - -inputs: - environment: - description: The name of the environment - required: true - azure_credentials: - description: JSON object containing a service principal that can read from Azure Key Vault - required: true - -runs: - using: composite - - steps: - - uses: Azure/login@v1 - with: - creds: ${{ inputs.azure_credentials }} - - - name: Prepare application environment - uses: ./.github/actions/prepare-app-env - - - name: Set environment variables - shell: bash - run: | - tf_vars_file=terraform/paas/workspace_variables/${{ inputs.environment }}.tfvars.json - echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV - echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ env.KEY_VAULT_NAME }} - secret: INFRASTRUCTURE - key: HOSTING_DOMAIN,GOVUK_NOTIFY_API_KEY,SUPPORT_USERNAME,SUPPORT_PASSWORD - - - name: Run deployment smoke test - shell: bash - run: bin/smoke - env: - HOSTING_DOMAIN: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_DOMAIN }} - RAILS_ENV: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_ENVIRONMENT_NAME }} - GOVUK_NOTIFY_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.GOVUK_NOTIFY_API_KEY }} - SUPPORT_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_USERNAME }} - SUPPORT_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_PASSWORD }} diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index bcd1c5a68..dc7818bce 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -33,33 +33,6 @@ jobs: github_username: ${{ github.actor }} github_token: ${{ secrets.GITHUB_TOKEN }} - deploy_review: - name: Deploy to review environment - concurrency: deploy_review_${{ github.event.pull_request.number }} - needs: [docker] - runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'deploy') - environment: - name: review - - steps: - - uses: actions/checkout@v3 - - uses: ./.github/workflows/actions/deploy-environment - id: deploy - with: - environment_name: review - docker_image: ${{ needs.docker.outputs.docker_image }} - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - terraform_vars: workspace_variables/review.tfvars.json - pr_id: ${{ github.event.pull_request.number }} - - - name: Post sticky pull request comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@v2 - with: - message: | - Review app deployed to ${{ steps.deploy.outputs.environment_url }} - deploy_v2_review: name: Deploy to review_aks environment concurrency: deploy_v2_review_${{ github.event.pull_request.number }} diff --git a/Makefile b/Makefile index a243759b0..d079961c0 100644 --- a/Makefile +++ b/Makefile @@ -19,71 +19,28 @@ aks: ## Sets environment variables for aks deployment $(eval KEY_VAULT_SECRET_NAME=APPLICATION) $(eval KEY_VAULT_PURGE_PROTECTION=false) -.PHONY: dev ## For Paas only -dev: - $(eval DEPLOY_ENV=dev) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) - $(eval RESOURCE_NAME_PREFIX=s165d01) - $(eval ENV_SHORT=dv) - $(eval ENV_TAG=dev) - -.PHONY: development_aks ## For AKS -development_aks: aks ## Specify development aks environment - $(eval include global_config/development_aks.sh) +.PHONY: development ## For AKS +development: aks ## Specify development aks environment + $(eval include global_config/development.sh) .PHONY: test -test: - $(eval DEPLOY_ENV=test) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) - $(eval RESOURCE_NAME_PREFIX=s165t01) - $(eval ENV_SHORT=ts) - $(eval ENV_TAG=test) - -.PHONY: test_aks -test_aks: aks ## Specify test aks environment - $(eval include global_config/test_aks.sh) - -.PHONY: preprod -preprod: - $(eval DEPLOY_ENV=preprod) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) - $(eval RESOURCE_NAME_PREFIX=s165t01) - $(eval ENV_SHORT=pp) - $(eval ENV_TAG=pre-prod) - -.PHONY: preproduction_aks -preproduction_aks: aks ## Specify preproduction aks environment - $(eval include global_config/preproduction_aks.sh) +test: aks ## Specify test aks environment + $(eval include global_config/test.sh) + +.PHONY: preproduction +preproduction: aks ## Specify preproduction aks environment + $(eval include global_config/preproduction.sh) .PHONY: production -production: - $(eval DEPLOY_ENV=production) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) - $(eval RESOURCE_NAME_PREFIX=s165p01) - $(eval ENV_SHORT=pd) - $(eval ENV_TAG=prod) - $(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME=s165p01dbbackup) - $(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME=find-a-lost-trn) - -.PHONY: production_aks -production_aks: aks ## Specify production aks environment - $(eval include global_config/production_aks.sh) +production: aks ## Specify production aks environment + $(eval include global_config/production.sh) .PHONY: review -review: - $(if $(pr_id), , $(error Missing environment variable "pr_id")) - $(eval DEPLOY_ENV=review) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) - $(eval env=-pr-$(pr_id)) - $(eval backend_config=-backend-config="key=review/review$(env).tfstate") - $(eval export TF_VAR_app_suffix=$(env)) - -.PHONY: review_aks -review_aks: aks ## Specify review aks environment +review: aks ## Specify review aks environment $(if $(pr_id), , $(error Missing environment variable "pr_id")) - $(eval include global_config/review_aks.sh) + $(eval include global_config/review.sh) $(eval env=-pr-$(pr_id)) - $(eval backend_config=-backend-config="key=review_aks$(env).tfstate") + $(eval backend_config=-backend-config="key=review$(env).tfstate") $(eval export TF_VAR_app_suffix=$(env)) .PHONY: ci @@ -103,16 +60,6 @@ bin/terrafile: ## Install terrafile to manage terraform modules tags: ##Tags that will be added to resource group on it's creation in ARM template $(eval RG_TAGS=$(shell echo '{"Portfolio": "Early years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Find a Lost TRN", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Find a Lost TRN", "Environment" : "$(ENV_TAG)"}' | jq . )) -.PHONY: read-keyvault-config -read-keyvault-config: - $(eval KEY_VAULT_NAME=$(shell jq -r '.key_vault_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval KEY_VAULT_SECRET_NAME=INFRASTRUCTURE) - -read-deployment-config: - $(eval SPACE=$(shell jq -r '.paas_space' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval POSTGRES_DATABASE_NAME=$(shell jq -r '.postgres_database_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval FLT_APP_NAME=$(shell jq -r '.flt_app_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - ##@ Query parameter store to display environment variables. Requires Azure credentials set-azure-account: ${environment} echo "Logging on to ${AZURE_SUBSCRIPTION}" @@ -162,18 +109,6 @@ rename-postgres-service: read-deployment-config ## make dev rename-postgres-serv cf target -s ${SPACE} > /dev/null cf rename-service ${POSTGRES_DATABASE_NAME} ${POSTGRES_DATABASE_NAME}-$(NEW_NAME_SUFFIX) -remove-postgres-tf-state: terraform-init ## make dev remove-postgres-tf-state PASSCODE=XXX - cd terraform && terraform state rm cloudfoundry_service_instance.postgres - -restore-postgres: terraform-init read-deployment-config ## make dev restore-postgres DB_INSTANCE_GUID="" BEFORE_TIME="yyyy-MM-dd hh:mm:ss" TF_VAR_api_docker_image=ghcr.io/dfe-digital/find-a-lost-trn: PASSCODE= - cf target -s ${SPACE} > /dev/null - $(if $(DB_INSTANCE_GUID), , $(error can only run with DB_INSTANCE_GUID, get it by running `make ${SPACE} get-postgres-instance-guid`)) - $(if $(BEFORE_TIME), , $(error can only run with BEFORE_TIME, eg BEFORE_TIME="2021-09-14 16:00:00")) - $(eval export TF_VAR_paas_restore_db_from_db_instance=$(DB_INSTANCE_GUID)) - $(eval export TF_VAR_paas_restore_db_from_point_in_time_before=$(BEFORE_TIME)) - echo "Restoring ${POSTGRES_DATABASE_NAME} from $(TF_VAR_paas_restore_db_from_db_instance) before $(TF_VAR_paas_restore_db_from_point_in_time_before)" - make ${DEPLOY_ENV} terraform-apply - restore-data-from-backup: read-deployment-config # make production restore-data-from-backup CONFIRM_RESTORE=YES BACKUP_FILENAME="find-a-lost-trn-production-pg-svc-2022-04-28-01" @if [[ "$(CONFIRM_RESTORE)" != YES ]]; then echo "Please enter "CONFIRM_RESTORE=YES" to run workflow"; exit 1; fi $(eval export AZURE_BACKUP_STORAGE_ACCOUNT_NAME=$(AZURE_BACKUP_STORAGE_ACCOUNT_NAME)) @@ -181,37 +116,20 @@ restore-data-from-backup: read-deployment-config # make production restore-data- bin/download-db-backup ${AZURE_BACKUP_STORAGE_ACCOUNT_NAME} ${AZURE_BACKUP_STORAGE_CONTAINER_NAME} ${BACKUP_FILENAME}.tar.gz bin/restore-db ${DEPLOY_ENV} ${CONFIRM_RESTORE} ${SPACE} ${BACKUP_FILENAME}.sql ${POSTGRES_DATABASE_NAME} -terraform-init: - $(if $(or $(DISABLE_PASSCODE),$(PASSCODE)), , $(error Missing environment variable "PASSCODE", retrieve from https://login.london.cloud.service.gov.uk/passcode)) - [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true - terraform -chdir=terraform/paas init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars $(backend_config) -upgrade -reconfigure - -terraform-plan: terraform-init - terraform -chdir=terraform/paas plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json - -terraform-apply: terraform-init - terraform -chdir=terraform/paas apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-apply-replace-redis: terraform-init # make dev terraform-apply-replace-redis PASSCODE="XXX" - terraform -chdir=terraform/paas apply -replace="cloudfoundry_service_instance.redis" -replace="cloudfoundry_app.app" -replace="cloudfoundry_service_key.redis_key" -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-destroy: terraform-init - terraform -chdir=terraform/paas destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-init-aks: bin/terrafile +terraform-init: bin/terrafile $(if $(or $(DISABLE_PASSCODE),$(PASSCODE)), , $(error Missing environment variable "PASSCODE", retrieve from https://login.london.cloud.service.gov.uk/passcode)) [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true ./bin/terrafile -p terraform/aks/vendor/modules -f terraform/aks/workspace_variables/$(CONFIG)_Terrafile terraform -chdir=terraform/aks init -backend-config workspace_variables/$(CONFIG).backend.tfvars $(backend_config) -upgrade -reconfigure $(if $(DOCKER_IMAGE), $(eval export TF_VAR_paas_app_docker_image=$(DOCKER_IMAGE)), $(error Missing environment variable "DOCKER_IMAGE")) -terraform-plan-aks: terraform-init-aks +terraform-plan: terraform-init terraform -chdir=terraform/aks plan -var-file workspace_variables/$(CONFIG).tfvars.json -terraform-apply-aks: terraform-init-aks +terraform-apply: terraform-init terraform -chdir=terraform/aks apply -var-file workspace_variables/$(CONFIG).tfvars.json ${AUTO_APPROVE} -terraform-destroy-aks: terraform-init-aks +terraform-destroy: terraform-init terraform -chdir=terraform/aks destroy -var-file workspace_variables/$(CONFIG).tfvars.json ${AUTO_APPROVE} deploy-azure-resources: set-azure-account tags # make dev deploy-azure-resources CONFIRM_DEPLOY=1 diff --git a/global_config/development.sh b/global_config/development.sh new file mode 100644 index 000000000..666b9ceb8 --- /dev/null +++ b/global_config/development.sh @@ -0,0 +1,7 @@ +CONFIG=development +DEPLOY_ENV=development +CONFIG_SHORT=dv +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test +AZURE_RESOURCE_PREFIX=s189t01 +ENV_TAG=Test +DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_dev.tfstate diff --git a/global_config/preproduction.sh b/global_config/preproduction.sh new file mode 100644 index 000000000..476513a4e --- /dev/null +++ b/global_config/preproduction.sh @@ -0,0 +1,7 @@ +CONFIG=preproduction +DEPLOY_ENV=preproduction +CONFIG_SHORT=pp +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test +AZURE_RESOURCE_PREFIX=s189t01 +ENV_TAG=Test +DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_preprod.tfstate diff --git a/global_config/production.sh b/global_config/production.sh new file mode 100644 index 000000000..823eba913 --- /dev/null +++ b/global_config/production.sh @@ -0,0 +1,7 @@ +CONFIG=production +DEPLOY_ENV=production +CONFIG_SHORT=pd +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production +AZURE_RESOURCE_PREFIX=s189p01 +ENV_TAG=Prod +DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_prod.tfstate \ No newline at end of file diff --git a/global_config/review.sh b/global_config/review.sh new file mode 100644 index 000000000..23f35d0e8 --- /dev/null +++ b/global_config/review.sh @@ -0,0 +1,7 @@ +CONFIG=review_aks +DEPLOY_ENV=review +CONFIG_SHORT=rv +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test +AZURE_RESOURCE_PREFIX=s189t01 +ENV_TAG=Test +DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_review.tfstate diff --git a/global_config/test.sh b/global_config/test.sh new file mode 100644 index 000000000..36183a533 --- /dev/null +++ b/global_config/test.sh @@ -0,0 +1,7 @@ +CONFIG=test +DEPLOY_ENV=test +CONFIG_SHORT=ts +AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test +AZURE_RESOURCE_PREFIX=s189t01 +ENV_TAG=Test +DOMAINS_TERRAFORM_BACKEND_KEY=faltrndomains_test.tfstate diff --git a/terraform/aks/workspace_variables/development.backend.tfvars b/terraform/aks/workspace_variables/development.backend.tfvars new file mode 100644 index 000000000..438c139b7 --- /dev/null +++ b/terraform/aks/workspace_variables/development.backend.tfvars @@ -0,0 +1,3 @@ +resource_group_name = "s189t01-faltrn-dv-rg" +storage_account_name = "s189t01faltrntfstatedvsa" +key = "terraform.tfstate" diff --git a/terraform/aks/workspace_variables/development.tfvars.json b/terraform/aks/workspace_variables/development.tfvars.json new file mode 100644 index 000000000..730ffa88f --- /dev/null +++ b/terraform/aks/workspace_variables/development.tfvars.json @@ -0,0 +1,13 @@ +{ + "app_environment": "development", + "cluster": "test", + "file_environment": "dev", + "enable_monitoring": false, + "namespace": "tra-development", + "azure_resource_prefix": "s189t01", + "config_short": "dv", + "service_short": "faltrn", + "app_key_vault": "s189t01-faltrn-dv-app-kv", + "inf_vault_name": "s189t01-faltrn-dv-inf-kv", + "key_vault_resource_group": "s189t01-faltrn-dv-rg" +} diff --git a/terraform/aks/workspace_variables/development_Terrafile b/terraform/aks/workspace_variables/development_Terrafile new file mode 100644 index 000000000..65af53b11 --- /dev/null +++ b/terraform/aks/workspace_variables/development_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "main" diff --git a/terraform/aks/workspace_variables/preproduction.backend.tfvars b/terraform/aks/workspace_variables/preproduction.backend.tfvars new file mode 100644 index 000000000..d11f6c73c --- /dev/null +++ b/terraform/aks/workspace_variables/preproduction.backend.tfvars @@ -0,0 +1,3 @@ +resource_group_name = "s189t01-faltrn-pp-rg" +storage_account_name = "s189t01faltrntfstateppsa" +key = "terraform.tfstate" diff --git a/terraform/aks/workspace_variables/preproduction.tfvars.json b/terraform/aks/workspace_variables/preproduction.tfvars.json new file mode 100644 index 000000000..8702b4878 --- /dev/null +++ b/terraform/aks/workspace_variables/preproduction.tfvars.json @@ -0,0 +1,23 @@ +{ + "app_environment": "preproduction", + "cluster": "test", + "enable_monitoring": false, + "file_environment": "preprod", + "namespace": "tra-test", + "azure_resource_prefix": "s189t01", + "config_short": "pp", + "service_short": "faltrn", + "app_key_vault": "s189t01-faltrn-pp-app-kv", + "statuscake_alerts": { + "alert": { + "website_url": [ + "https://preprod.find-a-lost-trn.education.gov.uk/health/all", + "https://find-a-lost-trn-preproduction.test.teacherservices.cloud/health/all" + ], + "contact_group": [282783], + "ssl_domain": "https://preprod.find-a-lost-trn.education.gov.uk" + } + }, + "inf_vault_name": "s189t01-faltrn-pp-inf-kv", + "key_vault_resource_group": "s189t01-faltrn-pp-rg" +} diff --git a/terraform/aks/workspace_variables/preproduction_Terrafile b/terraform/aks/workspace_variables/preproduction_Terrafile new file mode 100644 index 000000000..5b2b118f0 --- /dev/null +++ b/terraform/aks/workspace_variables/preproduction_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/aks/workspace_variables/production.backend.tfvars b/terraform/aks/workspace_variables/production.backend.tfvars new file mode 100644 index 000000000..869908941 --- /dev/null +++ b/terraform/aks/workspace_variables/production.backend.tfvars @@ -0,0 +1,3 @@ +resource_group_name = "s189p01-faltrn-pd-rg" +storage_account_name = "s189p01faltrntfstatepdsa" +key = "terraform.tfstate" diff --git a/terraform/aks/workspace_variables/production.tfvars.json b/terraform/aks/workspace_variables/production.tfvars.json new file mode 100644 index 000000000..eccff6b03 --- /dev/null +++ b/terraform/aks/workspace_variables/production.tfvars.json @@ -0,0 +1,27 @@ +{ + "app_environment": "production", + "cluster": "production", + "file_environment": "prod", + "enable_monitoring": false, + "namespace": "tra-production", + "azure_resource_prefix": "s189p01", + "config_short": "pd", + "service_short": "faltrn", + "app_key_vault": "s189p01-faltrn-pd-app-kv", + "statuscake_alerts": { + "alert": { + "website_url": [ + "https://find-a-lost-trn.education.gov.uk/health/all", + "https://find-a-lost-trn-production.teacherservices.cloud/health/all" + ], + "contact_group": [282783], + "ssl_domain": "https://find-a-lost-trn.education.gov.uk", + "confirmations": 2 + } + }, + "inf_vault_name": "s189p01-faltrn-pd-inf-kv", + "key_vault_resource_group": "s189p01-faltrn-pd-rg", + "worker_replicas": 2, + "replicas": 2, + "azure_enable_backup_storage": true +} diff --git a/terraform/aks/workspace_variables/production_Terrafile b/terraform/aks/workspace_variables/production_Terrafile new file mode 100644 index 000000000..5b2b118f0 --- /dev/null +++ b/terraform/aks/workspace_variables/production_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "stable" diff --git a/terraform/aks/workspace_variables/review.backend.tfvars b/terraform/aks/workspace_variables/review.backend.tfvars new file mode 100644 index 000000000..3d01b90cc --- /dev/null +++ b/terraform/aks/workspace_variables/review.backend.tfvars @@ -0,0 +1,3 @@ +resource_group_name = "s189t01-faltrn-rv-rg" +storage_account_name = "s189t01faltrntfstatervsa" + diff --git a/terraform/aks/workspace_variables/review.tfvars.json b/terraform/aks/workspace_variables/review.tfvars.json new file mode 100644 index 000000000..0863451d5 --- /dev/null +++ b/terraform/aks/workspace_variables/review.tfvars.json @@ -0,0 +1,14 @@ +{ + "app_environment": "review", + "cluster": "test", + "file_environment": "review", + "enable_monitoring": false, + "namespace": "tra-development", + "azure_resource_prefix": "s189t01", + "config_short": "rv", + "service_short": "faltrn", + "deploy_azure_backing_services": false, + "enable_postgres_ssl": false, + "inf_vault_name": "s189t01-faltrn-rv-inf-kv", + "key_vault_resource_group": "s189t01-faltrn-rv-rg" +} diff --git a/terraform/aks/workspace_variables/review_Terrafile b/terraform/aks/workspace_variables/review_Terrafile new file mode 100644 index 000000000..fa0b42c00 --- /dev/null +++ b/terraform/aks/workspace_variables/review_Terrafile @@ -0,0 +1,4 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "main" + \ No newline at end of file diff --git a/terraform/aks/workspace_variables/test.backend.tfvars b/terraform/aks/workspace_variables/test.backend.tfvars new file mode 100644 index 000000000..801d342bd --- /dev/null +++ b/terraform/aks/workspace_variables/test.backend.tfvars @@ -0,0 +1,3 @@ +resource_group_name = "s189t01-faltrn-ts-rg" +storage_account_name = "s189t01faltrntfstatetssa" +key = "terraform.tfstate" diff --git a/terraform/aks/workspace_variables/test.tfvars.json b/terraform/aks/workspace_variables/test.tfvars.json new file mode 100644 index 000000000..03ad4f5c2 --- /dev/null +++ b/terraform/aks/workspace_variables/test.tfvars.json @@ -0,0 +1,13 @@ +{ + "app_environment": "test", + "cluster": "test", + "file_environment": "test", + "enable_monitoring": false, + "namespace": "tra-test", + "azure_resource_prefix": "s189t01", + "config_short": "ts", + "service_short": "faltrn", + "app_key_vault": "s189t01-faltrn-ts-app-kv", + "inf_vault_name": "s189t01-faltrn-ts-inf-kv", + "key_vault_resource_group": "s189t01-faltrn-ts-rg" +} diff --git a/terraform/aks/workspace_variables/test_Terrafile b/terraform/aks/workspace_variables/test_Terrafile new file mode 100644 index 000000000..b4c222c13 --- /dev/null +++ b/terraform/aks/workspace_variables/test_Terrafile @@ -0,0 +1,3 @@ +aks: + source: "https://github.com/DFE-Digital/terraform-modules" + version: "testing" diff --git a/terraform/paas/.gitignore b/terraform/paas/.gitignore deleted file mode 100644 index 1c99dc138..000000000 --- a/terraform/paas/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.terraform/ diff --git a/terraform/paas/.terraform.lock.hcl b/terraform/paas/.terraform.lock.hcl deleted file mode 100644 index 3ee8cbc51..000000000 --- a/terraform/paas/.terraform.lock.hcl +++ /dev/null @@ -1,69 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/cloudfoundry-community/cloudfoundry" { - version = "0.51.3" - constraints = "~> 0.15" - hashes = [ - "h1:Wuz3KPG8YwBFfla8FDxqIQnBAqQhX8AkS9rSRMmYKKc=", - "zh:011f93f31daefd75e4664ce80462f13f0ee1f93c073b3217730e7a136ca9d544", - "zh:0d9078e43a1dcefd62f593e248d7b44478dd75cd70aabdfce92a52abe065f297", - "zh:29cc360081f68442ec2f4b1d90f24b9cc3c1017c86e18de62eb8043dbbf7fe8c", - "zh:48ea027fd3ecefac3302a58dd61389b086c123d621f094a441aef0c036f9d9f3", - "zh:59cbaec857468fe10e91e9f67358bb0c18e91d9dc1bf4386ace42c2a95925889", - "zh:8537822684fc2b531ed1c404da25fee2af71f9cfc326bb26b35828d6a7087ed3", - "zh:b0d88d3fcd86c5c493de4001e9f1c961e1650a364831380c2aa9ab17551094b7", - "zh:cbde14e2c1f84285b0ae28dfb0c495ec6ba503d3abd95774f92492dd26276e14", - "zh:cc29ecc864a5f2c1f4d3c6425d595c163ccd202203a40dc78a22f7b8f945efc8", - "zh:d3ab24d7b5081b3858053b88222c7652d7432de15a3e037eef0f5d96881f7ef8", - "zh:dc125bab081ae478c0afedbeb805238f97fea83e999aa94c2e400e646b845df2", - "zh:e12d7ed99ac17b2724f2129db75540c55bbe9e10d067dac8d71216598ce492d1", - "zh:fb4f969728f285b5dc460fc8693cfb3f0d4139bda2d389e5de2a0ad91f2009a1", - "zh:fca9941b778e7f6ca57d44d698f528438283ab15c1789d8b48be722fe7c03b4b", - "zh:fea692d2ed3d4e9da5aebdc54d1c19afe97e07d597b7d5d768224976bc329cc2", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "2.99.0" - constraints = "~> 2.84" - hashes = [ - "h1:/ZY1j8YgB5GeqPnjT8avyRFjUcGH3rCk1xGLKcUCtWc=", - "h1:FXBB5TkvZpZA+ZRtofPvp5IHZpz4Atw7w9J8GDgMhvk=", - "zh:08d81e72e97351538ab4d15548942217bf0c4d3b79ad3f4c95d8f07f902d2fa6", - "zh:11fdfa4f42d6b6f01371f336fea56f28a1db9e7b490c5ca0b352f6bbca5a27f1", - "zh:12376e2c4b56b76098d5d713d1a4e07e748a926c4d165f0bd6f52157b1f7a7e9", - "zh:31f1cb5b88ed1307625050e3ee7dd9948773f522a3f3bf179195d607de843ea3", - "zh:767971161405d38412662a73ea40a422125cdc214c72fbc569bcfbea6e66c366", - "zh:973c402c3728b68c980ea537319b703c009b902a981b0067fbc64e04a90e434c", - "zh:9ec62a4f82ec1e92bceeff80dd8783f61de0a94665c133f7c7a7a68bda9cdbd6", - "zh:bbb3b7e1229c531c4634338e4fc81b28bce58312eb843a931a4420abe42d5b7e", - "zh:cbbe02cd410d21476b3a081b5fa74b4f1b3d9d79b00214009028d60e859c19a3", - "zh:cc00ecc7617a55543b60a0da1196ea92df48c399bcadbedf04c783e3d47c6e08", - "zh:eecb9fd0e7509c7fd4763e546ef0933f125770cbab2b46152416e23d5ec9dd53", - ] -} - -provider "registry.terraform.io/statuscakedev/statuscake" { - version = "2.0.5" - constraints = "2.0.5" - hashes = [ - "h1:8/x0qo4d2j83dbM5RmGW++GJ4gQbz9OgoedLtPyFJIg=", - "h1:xOdqOYEZQW9aqoBekGGMnqZueTAdhQ5XnfOfzeQnSc4=", - "zh:0d4abab56a77562c8c347e4bec8ec5f9cb74cfa78e14485d1895dbae2d3e46d1", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1d3a6ad4d42bdf912482ca1b6100883ce6075257b841723c155aef52ffffc7c5", - "zh:2a613729fa535c15214029832fd7da54adbe2142b84033ae78509b0fa1db1d5b", - "zh:3e8546072054c6f356193d942deab120ef9f5cd861891e4e8b4951a971573de5", - "zh:4211f740a066527475e14819ecd3551985b1dd52245de1d9bb2d6db57a37fb70", - "zh:45bbce8cebd7ec50d4691081b0f119fc75512e1e306d87584b33ad7cc337939f", - "zh:4b514734633ce09d30ea9e7ef0caabd788575bb1b706af0c8ba60b96a923dcba", - "zh:6ddc4591d4e52cbd78c2a9473c870287166c1d1c15802257bd1780330f6ad0d8", - "zh:79f974a40afe997081410e7e6c2ffa96d7cf51969f2bb8ef930d42f6a857b5c9", - "zh:98b155af2ebcbf710febd6263b9f8ad5a79faed1d6177432f081539cebece959", - "zh:b0f6f90c02d851740fe1177e807fd32cd17519f57fb0dda9ed3d9f5845d9bbc0", - "zh:b39348a178af82ba1d26b93cb2d0cbb375b1c8607554390568e5d603539e8392", - "zh:c5a13978a2ddacfc7507d3d149044791408d7075c99eafe2f7daa01eea061213", - "zh:dc1e63f106f95591f162cac520e71ed7203c270b9e17eb3b5333e80a02c9905c", - ] -} diff --git a/terraform/paas/app.tf b/terraform/paas/app.tf deleted file mode 100644 index b03d6565b..000000000 --- a/terraform/paas/app.tf +++ /dev/null @@ -1,103 +0,0 @@ -locals { - app_environment_variables = merge(try(local.infrastructure_secrets, null), - { - REDIS_URL = cloudfoundry_service_key.redis_key.credentials.uri - HOSTING_ENVIRONMENT_NAME = var.hosting_environment_name - } - ) - logstash_endpoint = data.azurerm_key_vault_secret.secrets["LOGSTASH-ENDPOINT"].value -} - -resource "cloudfoundry_route" "flt_public" { - domain = data.cloudfoundry_domain.cloudapps.id - hostname = local.flt_app_name - space = data.cloudfoundry_space.space.id -} - -resource "cloudfoundry_route" "flt_internal" { - count = local.configure_prometheus_network_policy - domain = data.cloudfoundry_domain.internal.id - space = data.cloudfoundry_space.space.id - hostname = local.flt_app_name -} - -resource "cloudfoundry_route" "flt_education" { - for_each = toset(var.hostnames) - domain = data.cloudfoundry_domain.education_gov_uk.id - space = data.cloudfoundry_space.space.id - hostname = each.value -} - -resource "cloudfoundry_user_provided_service" "logging" { - name = "${var.logging_service_name}${var.app_suffix}" - space = data.cloudfoundry_space.space.id - syslog_drain_url = "syslog-tls://${local.logstash_endpoint}" -} -resource "cloudfoundry_service_instance" "postgres" { - name = local.postgres_database_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.postgres.service_plans[var.postgres_database_service_plan] - json_params = jsonencode(local.restore_db_backup_params) - timeouts { - create = "60m" - update = "60m" - } -} - -resource "cloudfoundry_service_instance" "redis" { - name = local.redis_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.redis.service_plans[var.redis_service_plan] -} - -resource "cloudfoundry_service_key" "redis_key" { - name = "${local.redis_name}_key" - service_instance = cloudfoundry_service_instance.redis.id -} -resource "cloudfoundry_app" "app" { - name = local.flt_app_name - space = data.cloudfoundry_space.space.id - instances = var.flt_instances - memory = var.flt_memory - disk_quota = var.flt_disk_quota - docker_image = var.flt_docker_image - strategy = "blue-green" - environment = local.app_environment_variables - health_check_type = "http" - health_check_http_endpoint = "/health" - dynamic "routes" { - for_each = local.flt_routes - content { - route = routes.value.id - } - } - - dynamic "service_binding" { - for_each = local.app_service_bindings - content { - service_instance = service_binding.value - } - } -} - -resource "cloudfoundry_app" "worker" { - name = "${local.flt_app_name}-worker" - space = data.cloudfoundry_space.space.id - instances = var.flt_instances - memory = var.flt_memory - disk_quota = var.flt_disk_quota - docker_image = var.flt_docker_image - command = "bundle exec sidekiq -C ./config/sidekiq.yml" - strategy = "blue-green" - environment = local.app_environment_variables - - health_check_type = "process" - - service_binding { - service_instance = cloudfoundry_service_instance.postgres.id - } - - service_binding { - service_instance = cloudfoundry_service_instance.redis.id - } -} diff --git a/terraform/paas/data.tf b/terraform/paas/data.tf deleted file mode 100644 index 4c7acec30..000000000 --- a/terraform/paas/data.tf +++ /dev/null @@ -1,38 +0,0 @@ -data "azurerm_key_vault" "vault" { - name = var.key_vault_name - resource_group_name = var.resource_group_name -} - -data "azurerm_key_vault_secrets" "secrets" { - key_vault_id = data.azurerm_key_vault.vault.id -} - -data "azurerm_key_vault_secret" "secrets" { - key_vault_id = data.azurerm_key_vault.vault.id - for_each = toset(data.azurerm_key_vault_secrets.secrets.names) - name = each.key -} - -data "cloudfoundry_space" "space" { - name = var.paas_space - org_name = var.paas_org_name -} - -data "cloudfoundry_domain" "cloudapps" { - name = "london.cloudapps.digital" -} - -data "cloudfoundry_domain" "internal" { - name = "apps.internal" -} -data "cloudfoundry_domain" "education_gov_uk" { - name = "education.gov.uk" -} - -data "cloudfoundry_service" "postgres" { - name = "postgres" -} - -data "cloudfoundry_service" "redis" { - name = "redis" -} diff --git a/terraform/paas/network-policies.tf b/terraform/paas/network-policies.tf deleted file mode 100644 index 811a56825..000000000 --- a/terraform/paas/network-policies.tf +++ /dev/null @@ -1,25 +0,0 @@ -locals { - configure_prometheus_network_policy = var.prometheus_app == null ? 0 : 1 -} - -data "cloudfoundry_app" "flt_web_app" { - depends_on = [cloudfoundry_app.app] - name_or_id = cloudfoundry_app.app.name - space = data.cloudfoundry_space.space.id -} - -data "cloudfoundry_app" "prometheus_app" { - count = local.configure_prometheus_network_policy - name_or_id = var.prometheus_app - space = data.cloudfoundry_space.space.id -} - -resource "cloudfoundry_network_policy" "prometheus_to_flt_policy" { - depends_on = [data.cloudfoundry_app.flt_web_app] - count = local.configure_prometheus_network_policy - policy { - source_app = data.cloudfoundry_app.prometheus_app[0].id - destination_app = data.cloudfoundry_app.flt_web_app.id - port = "3000" - } -} diff --git a/terraform/paas/outputs.tf b/terraform/paas/outputs.tf deleted file mode 100644 index 6802c9459..000000000 --- a/terraform/paas/outputs.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "flt_fqdn" { - value = "${cloudfoundry_route.flt_public.hostname}.${data.cloudfoundry_domain.cloudapps.name}" -} diff --git a/terraform/paas/provider.tf b/terraform/paas/provider.tf deleted file mode 100644 index 86006ceaf..000000000 --- a/terraform/paas/provider.tf +++ /dev/null @@ -1,26 +0,0 @@ -locals { - azure_credentials = try(jsondecode(var.azure_sp_credentials_json), null) - infrastructure_secrets = yamldecode(data.azurerm_key_vault_secret.secrets["INFRASTRUCTURE"].value) - monitoring_secrets = yamldecode(data.azurerm_key_vault_secret.secrets["MONITORING"].value) -} - -provider "azurerm" { - subscription_id = try(local.azure_credentials.subscriptionId, null) - client_id = try(local.azure_credentials.clientId, null) - client_secret = try(local.azure_credentials.clientSecret, null) - tenant_id = try(local.azure_credentials.tenantId, null) - skip_provider_registration = true - - features {} -} - -provider "cloudfoundry" { - api_url = var.paas_api_url - user = data.azurerm_key_vault_secret.secrets["PAAS-USER"].value - password = data.azurerm_key_vault_secret.secrets["PAAS-PASSWORD"].value -} - -provider "statuscake" { - api_token = local.monitoring_secrets.STATUSCAKE_PASSWORD -} - diff --git a/terraform/paas/statuscake.tf b/terraform/paas/statuscake.tf deleted file mode 100644 index f33d1b0d6..000000000 --- a/terraform/paas/statuscake.tf +++ /dev/null @@ -1,22 +0,0 @@ -resource "statuscake_uptime_check" "alert" { - for_each = var.statuscake_alerts - - name = each.value.website_name - contact_groups = each.value.contact_group - confirmation = each.value.confirmations - trigger_rate = 0 - check_interval = 30 - regions = ["london", "dublin"] - - http_check { - follow_redirects = true - timeout = 40 - request_method = "HTTP" - status_codes = ["204", "205", "206", "303", "400", "401", "403", "404", "405", "406", "408", "410", "413", "444", "429", "494", "495", "496", "499", "500", "501", "502", "503", "504", "505", "506", "507", "508", "509", "510", "511", "521", "522", "523", "524", "520", "598", "599"] - validate_ssl = false - } - - monitored_resource { - address = each.value.website_url - } -} diff --git a/terraform/paas/terraform.tf b/terraform/paas/terraform.tf deleted file mode 100644 index a0b1f280a..000000000 --- a/terraform/paas/terraform.tf +++ /dev/null @@ -1,24 +0,0 @@ -terraform { - required_version = "~> 1.0" - - backend "azurerm" { - container_name = "faltrn-tfstate" - } - - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "~> 2.84" - } - - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "~> 0.15" - } - - statuscake = { - source = "StatusCakeDev/statuscake" - version = "2.0.5" - } - } -} diff --git a/terraform/paas/variables.tf b/terraform/paas/variables.tf deleted file mode 100644 index 60e5a3f62..000000000 --- a/terraform/paas/variables.tf +++ /dev/null @@ -1,115 +0,0 @@ -variable "environment_name" { - type = string -} - -variable "azure_sp_credentials_json" { - type = string - default = null -} - -variable "key_vault_name" { - type = string -} - -variable "resource_group_name" { - type = string -} - -variable "paas_api_url" { - default = "https://api.london.cloud.service.gov.uk" -} - -variable "paas_org_name" { - type = string - default = "dfe" -} - -variable "paas_space" { - type = string -} - -variable "app_suffix" { - type = string - default = "" -} -variable "flt_docker_image" { - type = string -} - -variable "flt_instances" { - default = 1 -} - -variable "flt_memory" { - default = "1024" -} - -variable "flt_disk_quota" { - default = "2048" -} - -variable "logging_service_name" { - type = string -} - -variable "enable_external_logging" { - type = bool - default = true -} - -variable "hosting_environment_name" { - type = string - default = "" -} - -variable "postgres_database_service_plan" { - type = string - default = "small-13" -} - -variable "paas_restore_db_from_db_instance" { - default = "" -} - -variable "paas_restore_db_from_point_in_time_before" { - default = "" -} - -variable "redis_service_plan" { - type = string - default = "tiny-6_x" -} - -variable "statuscake_alerts" { - type = map(any) -} - -variable "hostnames" { - default = [] - type = list(any) -} - -variable "prometheus_app" { - default = null -} -locals { - flt_app_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}" - postgres_database_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}-pg-svc" - redis_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}-redis-svc" - app_cloudfoundry_service_instances = [ - cloudfoundry_service_instance.postgres.id, - cloudfoundry_service_instance.redis.id, - ] - app_user_provided_service_bindings = var.enable_external_logging ? [cloudfoundry_user_provided_service.logging.id] : [] - app_service_bindings = concat(local.app_cloudfoundry_service_instances, local.app_user_provided_service_bindings) - flt_routes = flatten([ - cloudfoundry_route.flt_public, - cloudfoundry_route.flt_internal, - values(cloudfoundry_route.flt_education) - ]) - restore_db_backup_params = var.paas_restore_db_from_db_instance != "" ? { - restore_from_point_in_time_of = var.paas_restore_db_from_db_instance - restore_from_point_in_time_before = var.paas_restore_db_from_point_in_time_before - } : {} - -} diff --git a/terraform/paas/workspace_variables/dev.backend.tfvars b/terraform/paas/workspace_variables/dev.backend.tfvars deleted file mode 100644 index e18d57db9..000000000 --- a/terraform/paas/workspace_variables/dev.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165d01faltrntfstatedv" -key = "dev.tfstate" -resource_group_name = "s165d01-faltrn-dv-rg" diff --git a/terraform/paas/workspace_variables/dev.tfvars.json b/terraform/paas/workspace_variables/dev.tfvars.json deleted file mode 100644 index 1d405ca1f..000000000 --- a/terraform/paas/workspace_variables/dev.tfvars.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "environment_name": "dev", - "key_vault_name": "s165d01-faltrn-dv-kv", - "resource_group_name": "s165d01-faltrn-dv-rg", - "logging_service_name": "flt-logit-ssl-drain-dev", - "hosting_environment_name": "development", - "paas_space": "tra-dev", - "hostnames": ["dev-find-a-lost-trn"], - "statuscake_alerts": {}, - "prometheus_app": "prometheus-tra-monitoring-dev" -} diff --git a/terraform/paas/workspace_variables/preprod.backend.tfvars b/terraform/paas/workspace_variables/preprod.backend.tfvars deleted file mode 100644 index d9566bcd7..000000000 --- a/terraform/paas/workspace_variables/preprod.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165t01faltrntfstatepp" -key = "preprod.tfstate" -resource_group_name = "s165t01-faltrn-pp-rg" diff --git a/terraform/paas/workspace_variables/preprod.tfvars.json b/terraform/paas/workspace_variables/preprod.tfvars.json deleted file mode 100644 index b20cde109..000000000 --- a/terraform/paas/workspace_variables/preprod.tfvars.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "environment_name": "preprod", - "key_vault_name": "s165t01-faltrn-pp-kv", - "resource_group_name": "s165t01-faltrn-pp-rg", - "flt_instances": 2, - "logging_service_name": "flt-logit-ssl-drain-preprod", - "hosting_environment_name": "preprod", - "paas_space": "tra-test", - "postgres_database_service_plan": "small-ha-13", - "hostnames": ["preprod-find-a-lost-trn"], - "statuscake_alerts": { - "tra-flt-preprod": { - "website_name": "find-a-lost-trn-preprod", - "website_url": "https://find-a-lost-trn-preprod.london.cloudapps.digital/health", - "contact_group": [249142], - "confirmations": 2 - } - } -} diff --git a/terraform/paas/workspace_variables/production.backend.tfvars b/terraform/paas/workspace_variables/production.backend.tfvars deleted file mode 100644 index e68cd359e..000000000 --- a/terraform/paas/workspace_variables/production.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165p01faltrntfstatepd" -key = "production.tfstate" -resource_group_name = "s165p01-faltrn-pd-rg" diff --git a/terraform/paas/workspace_variables/production.tfvars.json b/terraform/paas/workspace_variables/production.tfvars.json deleted file mode 100644 index fb42dd460..000000000 --- a/terraform/paas/workspace_variables/production.tfvars.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "environment_name": "production", - "key_vault_name": "s165p01-faltrn-pd-kv", - "resource_group_name": "s165p01-faltrn-pd-rg", - "flt_instances": 2, - "flt_disk_quota": "2560", - "logging_service_name": "flt-logit-ssl-drain-production", - "hosting_environment_name": "production", - "paas_space": "tra-production", - "postgres_database_service_plan": "small-ha-13", - "hostnames": ["find-a-lost-trn"], - "statuscake_alerts": { - "tra-flt-prod-1": { - "website_name": "find-a-lost-trn-production", - "website_url": "https://find-a-lost-trn-production.london.cloudapps.digital/health/all", - "contact_group": [249142], - "confirmations": 2 - }, - "tra-flt-prod-2": { - "website_name": "find-a-lost-trn-production", - "website_url": "https://find-a-lost-trn.education.gov.uk/health/all", - "contact_group": [249142], - "confirmations": 2 - } - }, - "prometheus_app": "prometheus-tra-monitoring-prod" -} diff --git a/terraform/paas/workspace_variables/review.backend.tfvars b/terraform/paas/workspace_variables/review.backend.tfvars deleted file mode 100644 index fcdeaa042..000000000 --- a/terraform/paas/workspace_variables/review.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165d01faltrntfstatedv" -# The key is provided dynamically for each review app via the Makefile -resource_group_name = "s165d01-faltrn-dv-rg" diff --git a/terraform/paas/workspace_variables/review.tfvars.json b/terraform/paas/workspace_variables/review.tfvars.json deleted file mode 100644 index b06b601ea..000000000 --- a/terraform/paas/workspace_variables/review.tfvars.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "environment_name": "review", - "key_vault_name": "s165d01-faltrn-dv-kv", - "resource_group_name": "s165d01-faltrn-dv-rg", - "logging_service_name": "flt-logit-ssl-drain-review", - "enable_external_logging": false, - "hosting_environment_name": "review", - "paas_space": "tra-dev", - "statuscake_alerts": {} -} diff --git a/terraform/paas/workspace_variables/test.backend.tfvars b/terraform/paas/workspace_variables/test.backend.tfvars deleted file mode 100644 index 97bf0bc06..000000000 --- a/terraform/paas/workspace_variables/test.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165t01faltrntfstatets" -key = "test.tfstate" -resource_group_name = "s165t01-faltrn-ts-rg" diff --git a/terraform/paas/workspace_variables/test.tfvars.json b/terraform/paas/workspace_variables/test.tfvars.json deleted file mode 100644 index e86d8121d..000000000 --- a/terraform/paas/workspace_variables/test.tfvars.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "environment_name": "test", - "key_vault_name": "s165t01-faltrn-ts-kv", - "resource_group_name": "s165t01-faltrn-ts-rg", - "logging_service_name": "flt-logit-ssl-drain-test", - "hosting_environment_name": "development", - "paas_space": "tra-test", - "hostnames": ["test-find-a-lost-trn"], - "statuscake_alerts": { - "tra-flt-test": { - "website_name": "find-a-lost-trn-test", - "website_url": "https://find-a-lost-trn-test.london.cloudapps.digital/health", - "contact_group": [249142], - "confirmations": 2 - } - } -}