diff --git a/.github/workflows/actions/database-backup/action.yml b/.github/workflows/actions/database-backup/action.yml index c5fdb1d06..ef4ebba7e 100644 --- a/.github/workflows/actions/database-backup/action.yml +++ b/.github/workflows/actions/database-backup/action.yml @@ -28,7 +28,7 @@ runs: shell: bash id: set_kv_env_vars run: | - tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}_aks.tfvars.json + tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json cat $tf_vars_file INF_VAULT_NAME=$(jq -r '.inf_vault_name' ${tf_vars_file}) NAMESPACE=$(jq -r '.namespace' ${tf_vars_file}) diff --git a/.github/workflows/actions/deploy-environment/action.yml b/.github/workflows/actions/deploy-environment/action.yml deleted file mode 100644 index af4c3c61b..000000000 --- a/.github/workflows/actions/deploy-environment/action.yml +++ /dev/null 
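Review bot: The new `tf_vars_file=` line in database-backup/action.yml still expands `${{ inputs.environment }}` directly inside the `run:` script, so the input's text becomes part of the shell program before bash parses it. The callers visible in this commit pass fixed names, but a composite action cannot assume that of every caller. Pass the value through the step environment instead: add `env:` with `ENVIRONMENT: ${{ inputs.environment }}` to the step and write `tf_vars_file="terraform/aks/workspace_variables/${ENVIRONMENT}.tfvars.json"`, quoting `"$tf_vars_file"` where it is used. The same pattern is on the new side of deploy/action.yml (`run: make ci ${{ inputs.environment }} terraform-apply`) and in the smoke-test action's "Set environment variables" step. The `set_kv_env_vars` step continues past the end of this hunk.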
@@ -1,77 +0,0 @@ -name: Deploy PAAS environment - -inputs: - environment_name: - description: "The name of the environment" - required: true - docker_image: - description: "The Docker image to deploy to the environment" - required: true - azure_credentials: - description: "JSON object containing a service principal that can read from Azure Key Vault" - required: true - terraform_vars: - description: "Path to the tfvars file for the environment" - required: true - pr_id: - description: "Pull Request number" - required: false - -outputs: - environment_url: - description: "The base URL for the deployed environment" - value: ${{ steps.terraform.outputs.url }} - -runs: - using: composite - - steps: - - name: Extract configuration from tfvars - id: config - run: | - KEY_VAULT_NAME=$(jq -r '.key_vault_name' $TFVARS) - PAAS_SPACE=$(jq -r '.paas_space' $TFVARS) - - if [ -z "$KEY_VAULT_NAME" ]; then - echo "::error ::Failed to extract key_vault_name from $TFVARS" - exit 1 - fi - - if [ -z "$PAAS_SPACE" ]; then - echo "::error ::Failed to extract paas_space from $TFVARS" - exit 1 - fi - - echo ::set-output name=key_vault_name::$KEY_VAULT_NAME - echo ::set-output name=paas_space::$PAAS_SPACE - shell: bash - env: - TFVARS: ${{ inputs.terraform_vars }} - working-directory: terraform/paas - - - uses: Azure/login@v1 - with: - creds: ${{ inputs.azure_credentials }} - - - uses: Azure/get-keyvault-secrets@v1 - id: get_secrets - with: - keyvault: ${{ steps.config.outputs.key_vault_name }} - secrets: "TFSTATE-CONTAINER-ACCESS-KEY,PAAS-USER,PAAS-PASSWORD" - - - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.10 - terraform_wrapper: false - - - name: Terraform - id: terraform - run: | - make ci ${{ inputs.environment_name }} terraform-apply - cd terraform/paas && echo ::set-output name=url::https://$(terraform output -raw flt_fqdn)/ - env: - ARM_ACCESS_KEY: ${{ steps.get_secrets.outputs.TFSTATE-CONTAINER-ACCESS-KEY }} - TF_VAR_azure_sp_credentials_json: ${{ 
inputs.azure_credentials }} - TF_VAR_flt_docker_image: ${{ inputs.docker_image }} - pr_id: ${{ inputs.pr_id }} - shell: bash diff --git a/.github/workflows/actions/deploy_v2/action.yml b/.github/workflows/actions/deploy/action.yml similarity index 97% rename from .github/workflows/actions/deploy_v2/action.yml rename to .github/workflows/actions/deploy/action.yml index 39a1f3025..b02279970 100644 --- a/.github/workflows/actions/deploy_v2/action.yml +++ b/.github/workflows/actions/deploy/action.yml @@ -59,7 +59,7 @@ runs: - name: Terraform init, plan & apply shell: bash - run: make ci ${{ inputs.environment }} terraform-apply-aks + run: make ci ${{ inputs.environment }} terraform-apply env: ARM_ACCESS_KEY: ${{ inputs.arm-access-key }} DOCKER_IMAGE: ${{ inputs.docker_image }} diff --git a/.github/workflows/actions/smoke-test-v2/action.yml b/.github/workflows/actions/smoke-test-v2/action.yml deleted file mode 100644 index 589c2e7b1..000000000 --- a/.github/workflows/actions/smoke-test-v2/action.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: Run smoke test - -inputs: - environment: - description: The name of the environment - required: true - azure_credentials: - description: JSON object containing a service principal that can read from Azure Key Vault - required: true - -runs: - using: composite - - steps: - - uses: Azure/login@v1 - with: - creds: ${{ inputs.azure_credentials }} - - - name: Prepare application environment - uses: ./.github/actions/prepare-app-env - - - name: Set environment variables - shell: bash - run: | - tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json - echo "APP_KEY_VAULT=$(jq -r '.app_key_vault' ${tf_vars_file})" >> $GITHUB_ENV - - - name: Retrieve Secrets from KV - uses: azure/CLI@v1 - id: retrieve-secrets - with: - inlineScript: | - HOSTING_DOMAIN=$(az keyvault secret show --name HOSTING-DOMAIN --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) - echo "::add-mask::$HOSTING_DOMAIN" - echo "HOSTING_DOMAIN=$HOSTING_DOMAIN" >> $GITHUB_OUTPUT - GOVUK_NOTIFY_API_KEY=$(az keyvault secret show --name GOVUK-NOTIFY-API-KEY --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) - echo "::add-mask::$GOVUK_NOTIFY_API_KEY" - echo "GOVUK_NOTIFY_API_KEY=$GOVUK_NOTIFY_API_KEY" >> $GITHUB_OUTPUT - HOSTING_ENVIRONMENT_NAME=$(az keyvault secret show --name HOSTING-ENVIRONMENT-NAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) - echo "::add-mask::$HOSTING_ENVIRONMENT_NAME" - echo "HOSTING_ENVIRONMENT_NAME=$HOSTING_ENVIRONMENT_NAME" >> $GITHUB_OUTPUT - SUPPORT_USERNAME=$(az keyvault secret show --name SUPPORT-USERNAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) - echo "::add-mask::$SUPPORT_USERNAME" - echo "SUPPORT_USERNAME=$SUPPORT_USERNAME" >> $GITHUB_OUTPUT - SUPPORT_PASSWORD=$(az keyvault secret show --name SUPPORT-PASSWORD --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) - echo "::add-mask::$SUPPORT_PASSWORD" - echo "SUPPORT_PASSWORD=$SUPPORT_PASSWORD" >> 
$GITHUB_OUTPUT - - - name: Run deployment smoke test - shell: bash - run: bin/smoke - env: - HOSTING_DOMAIN: ${{ steps.retrieve-secrets.outputs.HOSTING_DOMAIN }} - RAILS_ENV: ${{ steps.retrieve-secrets.outputs.HOSTING_ENVIRONMENT_NAME }} - GOVUK_NOTIFY_API_KEY: ${{ steps.retrieve-secrets.outputs.GOVUK_NOTIFY_API_KEY }} - SUPPORT_USERNAME: ${{ steps.retrieve-secrets.outputs.SUPPORT_USERNAME }} - SUPPORT_PASSWORD: ${{ steps.retrieve-secrets.outputs.SUPPORT_PASSWORD }} diff --git a/.github/workflows/actions/smoke-test/action.yml b/.github/workflows/actions/smoke-test/action.yml index bedb87609..589c2e7b1 100644 --- a/.github/workflows/actions/smoke-test/action.yml +++ b/.github/workflows/actions/smoke-test/action.yml 
@@ -22,23 +22,36 @@ runs: - name: Set environment variables shell: bash run: | - tf_vars_file=terraform/paas/workspace_variables/${{ inputs.environment }}.tfvars.json - echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV - echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV + tf_vars_file=terraform/aks/workspace_variables/${{ inputs.environment }}.tfvars.json + echo "APP_KEY_VAULT=$(jq -r '.app_key_vault' ${tf_vars_file})" >> $GITHUB_ENV - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret + - name: Retrieve Secrets from KV + uses: azure/CLI@v1 + id: retrieve-secrets with: - keyvault: ${{ env.KEY_VAULT_NAME }} - secret: INFRASTRUCTURE - key: HOSTING_DOMAIN,GOVUK_NOTIFY_API_KEY,SUPPORT_USERNAME,SUPPORT_PASSWORD + inlineScript: | + HOSTING_DOMAIN=$(az keyvault secret show --name HOSTING-DOMAIN --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) + echo "::add-mask::$HOSTING_DOMAIN" + echo "HOSTING_DOMAIN=$HOSTING_DOMAIN" >> $GITHUB_OUTPUT + GOVUK_NOTIFY_API_KEY=$(az keyvault secret show --name GOVUK-NOTIFY-API-KEY --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) + echo "::add-mask::$GOVUK_NOTIFY_API_KEY" + echo "GOVUK_NOTIFY_API_KEY=$GOVUK_NOTIFY_API_KEY" >> $GITHUB_OUTPUT + HOSTING_ENVIRONMENT_NAME=$(az keyvault secret show --name HOSTING-ENVIRONMENT-NAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) + echo "::add-mask::$HOSTING_ENVIRONMENT_NAME" + echo "HOSTING_ENVIRONMENT_NAME=$HOSTING_ENVIRONMENT_NAME" >> $GITHUB_OUTPUT + SUPPORT_USERNAME=$(az keyvault secret show --name SUPPORT-USERNAME --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) + echo "::add-mask::$SUPPORT_USERNAME" + echo "SUPPORT_USERNAME=$SUPPORT_USERNAME" >> $GITHUB_OUTPUT + SUPPORT_PASSWORD=$(az keyvault secret show --name SUPPORT-PASSWORD --vault-name "${{ env.APP_KEY_VAULT}}" --query 'value' -o tsv) + echo "::add-mask::$SUPPORT_PASSWORD" + echo 
"SUPPORT_PASSWORD=$SUPPORT_PASSWORD" >> $GITHUB_OUTPUT - name: Run deployment smoke test shell: bash run: bin/smoke env: - HOSTING_DOMAIN: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_DOMAIN }} - RAILS_ENV: ${{ steps.keyvault-yaml-secret.outputs.HOSTING_ENVIRONMENT_NAME }} - GOVUK_NOTIFY_API_KEY: ${{ steps.keyvault-yaml-secret.outputs.GOVUK_NOTIFY_API_KEY }} - SUPPORT_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_USERNAME }} - SUPPORT_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.SUPPORT_PASSWORD }} + HOSTING_DOMAIN: ${{ steps.retrieve-secrets.outputs.HOSTING_DOMAIN }} + RAILS_ENV: ${{ steps.retrieve-secrets.outputs.HOSTING_ENVIRONMENT_NAME }} + GOVUK_NOTIFY_API_KEY: ${{ steps.retrieve-secrets.outputs.GOVUK_NOTIFY_API_KEY }} + SUPPORT_USERNAME: ${{ steps.retrieve-secrets.outputs.SUPPORT_USERNAME }} + SUPPORT_PASSWORD: ${{ steps.retrieve-secrets.outputs.SUPPORT_PASSWORD }} diff --git a/.github/workflows/aks-db-backup.yml b/.github/workflows/aks-db-backup.yml index e2f10ca9d..5adf4d014 100644 --- a/.github/workflows/aks-db-backup.yml +++ b/.github/workflows/aks-db-backup.yml @@ -14,8 +14,8 @@ jobs: matrix: environment: [development, test, preproduction, production] environment: - name: ${{matrix.environment}}_aks - concurrency: ${{matrix.environment}}_${{github.event.number}}_aks + name: ${{matrix.environment}} + concurrency: ${{matrix.environment}}_${{github.event.number}} steps: - name: Check out the repo uses: actions/checkout@v4 diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index bcd1c5a68..141bd724a 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
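Review bot: The new "Retrieve Secrets from KV" step in smoke-test/action.yml runs under an Azure login and reads five Key Vault values, yet it references the action by a mutable tag, `uses: azure/CLI@v1`. Pinning it to a full commit hash, e.g. `uses: azure/CLI@<full-commit-sha> # v1` (placeholder), keeps a retagged release from running with those credentials. Each value is also masked with a single `::add-mask::` and written as `NAME=$VALUE` to `$GITHUB_OUTPUT`; if any secret can contain a newline, only part of it would be masked and the output file would be malformed, so it is worth stating in a comment that these secrets are single-line. Masking `HOSTING_ENVIRONMENT_NAME` will presumably redact an ordinary word such as the environment name from every later log line, which makes failures harder to read.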
@@ -21,7 +21,7 @@ env: jobs: docker: name: Docker build and push - if: contains(github.event.pull_request.labels.*.name, 'deploy') || contains(github.event.pull_request.labels.*.name, 'deploy_v2') || github.event_name != 'pull_request' + if: contains(github.event.pull_request.labels.*.name, 'deploy') || github.event_name != 'pull_request' runs-on: ubuntu-latest outputs: docker_image: ${{ steps.dockerimage.outputs.docker_image_tag }} @@ -44,37 +44,10 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: ./.github/workflows/actions/deploy-environment + - uses: ./.github/workflows/actions/deploy id: deploy with: - environment_name: review - docker_image: ${{ needs.docker.outputs.docker_image }} - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - terraform_vars: workspace_variables/review.tfvars.json - pr_id: ${{ github.event.pull_request.number }} - - - name: Post sticky pull request comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@v2 - with: - message: | - Review app deployed to ${{ steps.deploy.outputs.environment_url }} - - deploy_v2_review: - name: Deploy to review_aks environment - concurrency: deploy_v2_review_${{ github.event.pull_request.number }} - needs: [docker] - runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'deploy_v2') - environment: - name: review_aks - - steps: - - uses: actions/checkout@v3 - - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 - with: - environment: review_aks + environment: review docker_image: ${{ needs.docker.outputs.docker_image }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} 
@@ -85,9 +58,9 @@ jobs: uses: marocchino/sticky-pull-request-comment@v2 with: message: | - AKS review app deployed to ${{ steps.deploy_v2.outputs.environment_url }} + AKS review app deployed to ${{ steps.deploy.outputs.environment_url }} - deploy_v2_nonprod: + deploy_nonprod: name: Deploy to ${{ matrix.environment }} environment runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event_name == 'push' @@ -96,7 +69,7 @@ jobs: strategy: max-parallel: 1 matrix: - environment: [development_aks, test_aks, preproduction_aks] + environment: [development, test, preproduction] environment: name: ${{ matrix.environment }} url: ${{ steps.deploy.outputs.environment_url }} 
@@ -105,38 +78,38 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - uses: ./.github/workflows/actions/deploy + id: deploy with: environment: ${{ matrix.environment }} docker_image: ${{ needs.docker.outputs.docker_image }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} - - uses: ./.github/workflows/actions/smoke-test-v2 + - uses: ./.github/workflows/actions/smoke-test id: smoke-test with: environment: ${{ matrix.environment }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - deploy_v2_production: - name: Deploy to production_aks environment + deploy_production: + name: Deploy to production environment runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event_name == 'push' environment: - name: production_aks - url: ${{ steps.deploy_v2.outputs.environment_url }} - concurrency: deploy_production_aks - needs: [docker, deploy_v2_nonprod] + name: production + url: ${{ steps.deploy.outputs.environment_url }} + concurrency: deploy_production + needs: [docker, deploy_nonprod] outputs: - environment_url: ${{ steps.deploy_v2.outputs.environment_url }} + environment_url: ${{ steps.deploy.outputs.environment_url }} steps: - uses: actions/checkout@v3 - - uses: ./.github/workflows/actions/deploy_v2 - id: deploy_v2 + - uses: ./.github/workflows/actions/deploy + id: deploy with: - environment: production_aks + environment: production docker_image: ${{ needs.docker.outputs.docker_image }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} diff --git a/.github/workflows/deploy_aks.yml b/.github/workflows/deploy_aks.yml index a9b0a5a0b..b88099c02 100644 --- a/.github/workflows/deploy_aks.yml +++ b/.github/workflows/deploy_aks.yml 
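Review bot: In `deploy_production` the job now targets `environment: name: production` instead of `production_aks`, and GitHub keys protection rules and environment-scoped secrets on that name. Before merging, confirm that the `production` environment in the repository settings carries the required reviewers and branch restrictions that `production_aks` had, and that `AZURE_CREDENTIALS` and `ARM_ACCESS_KEY` resolve to the AKS service principal there rather than to anything left over from the previous platform. The same check applies to `development`, `test`, `preproduction` and `review` in the other hunks of this file. A short comment above the job, such as `# protection rules and secrets come from the "production" GitHub environment`, would record the dependency.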
@@ -3,12 +3,12 @@ on: workflow_dispatch: inputs: environment: - description: "Deploy environment ( development_aks, test, preprod or production )" + description: "Deploy environment ( development, test, preprod or production )" required: true - default: development_aks + default: development type: choice options: - - development_aks + - development sha: description: Commit sha to be deployed required: true @@ -20,11 +20,11 @@ env: CONTAINER_REGISTRY: ghcr.io jobs: - deploy_v2_environment: - name: Deploy to development_aks environment + deploy_environment: + name: Deploy to development environment runs-on: ubuntu-latest environment: - name: development_aks + name: development steps: - uses: actions/checkout@v3 @@ -37,16 +37,16 @@ jobs: INPUT_GITHUB_SHA: 588bfd4567e53f6b809d5ed107dc70b3d040710a shell: bash - - uses: ./.github/workflows/actions/deploy_v2 + - uses: ./.github/workflows/actions/deploy id: deploy with: - environment: development_aks + environment: development docker_image: ${{ steps.image.outputs.tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} arm-access-key: ${{ secrets.ARM_ACCESS_KEY }} - - uses: ./.github/workflows/actions/smoke-test-v2 + - uses: ./.github/workflows/actions/smoke-test id: smoke-test with: - environment: development_aks + environment: development azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index aaf0ff241..cc8970f81 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -50,10 +50,13 @@ jobs: - name: Check formatting run: terraform fmt -check - working-directory: terraform/paas + working-directory: terraform/aks + + - name: Download vendor modules + run: make ci development terrafile - name: Validate run: | terraform init -backend=false terraform validate -no-color - working-directory: terraform/paas + working-directory: terraform/aks diff --git a/Makefile b/Makefile index a243759b0..f0756c271 100644 --- a/Makefile +++ b/Makefile 
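Review bot: In deploy_aks.yml the `environment` input's description still advertises `test, preprod or production` while `options` offers only `development`, and the job hard-codes `development` in `environment.name` and in both action calls, so the input is never read. Either drop the other names from the description or wire the job to `${{ inputs.environment }}` and list the real options. Separately, the context line `INPUT_GITHUB_SHA:` in the third hunk shows a literal commit hash on this page rather than the `sha` input; if that is what the file contains and not a rendering artefact, the image deployed is not the commit the operator asked for, and it should read `INPUT_GITHUB_SHA: ${{ inputs.sha }}`.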
@@ -19,71 +19,28 @@ aks: ## Sets environment variables for aks deployment $(eval KEY_VAULT_SECRET_NAME=APPLICATION) $(eval KEY_VAULT_PURGE_PROTECTION=false) -.PHONY: dev ## For Paas only -dev: - $(eval DEPLOY_ENV=dev) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) - $(eval RESOURCE_NAME_PREFIX=s165d01) - $(eval ENV_SHORT=dv) - $(eval ENV_TAG=dev) - -.PHONY: development_aks ## For AKS -development_aks: aks ## Specify development aks environment - $(eval include global_config/development_aks.sh) +.PHONY: development ## For AKS +development: aks ## Specify development aks environment + $(eval include global_config/development.sh) .PHONY: test -test: - $(eval DEPLOY_ENV=test) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) - $(eval RESOURCE_NAME_PREFIX=s165t01) - $(eval ENV_SHORT=ts) - $(eval ENV_TAG=test) - -.PHONY: test_aks -test_aks: aks ## Specify test aks environment - $(eval include global_config/test_aks.sh) - -.PHONY: preprod -preprod: - $(eval DEPLOY_ENV=preprod) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-test) - $(eval RESOURCE_NAME_PREFIX=s165t01) - $(eval ENV_SHORT=pp) - $(eval ENV_TAG=pre-prod) - -.PHONY: preproduction_aks -preproduction_aks: aks ## Specify preproduction aks environment - $(eval include global_config/preproduction_aks.sh) +test: aks ## Specify test aks environment + $(eval include global_config/test.sh) + +.PHONY: preproduction +preproduction: aks ## Specify preproduction aks environment + $(eval include global_config/preproduction.sh) .PHONY: production -production: - $(eval DEPLOY_ENV=production) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-production) - $(eval RESOURCE_NAME_PREFIX=s165p01) - $(eval ENV_SHORT=pd) - $(eval ENV_TAG=prod) - $(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME=s165p01dbbackup) - $(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME=find-a-lost-trn) - -.PHONY: production_aks -production_aks: aks ## Specify production aks environment - $(eval 
include global_config/production_aks.sh) +production: aks ## Specify production aks environment + $(eval include global_config/production.sh) .PHONY: review -review: - $(if $(pr_id), , $(error Missing environment variable "pr_id")) - $(eval DEPLOY_ENV=review) - $(eval AZURE_SUBSCRIPTION=s165-teachingqualificationsservice-development) - $(eval env=-pr-$(pr_id)) - $(eval backend_config=-backend-config="key=review/review$(env).tfstate") - $(eval export TF_VAR_app_suffix=$(env)) - -.PHONY: review_aks -review_aks: aks ## Specify review aks environment +review: aks ## Specify review aks environment $(if $(pr_id), , $(error Missing environment variable "pr_id")) - $(eval include global_config/review_aks.sh) + $(eval include global_config/review.sh) $(eval env=-pr-$(pr_id)) - $(eval backend_config=-backend-config="key=review_aks$(env).tfstate") + $(eval backend_config=-backend-config="key=review$(env).tfstate") $(eval export TF_VAR_app_suffix=$(env)) .PHONY: ci 
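Review bot: The `review` target now sets `backend_config=-backend-config="key=review$(env).tfstate"`, so a review app created before this change keeps its state under the old `review_aks$(env).tfstate` key. A later `terraform-destroy` for that pull request would then start from empty state and leave the old namespace, database and secrets in place. Either destroy the open review apps before merging or note the one-off migration in the commit description. `$(env)` is built from `pr_id` without any check that it is numeric; that is fine for the CI caller shown here but worth a comment for manual runs.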
@@ -103,16 +60,6 @@ bin/terrafile: ## Install terrafile to manage terraform modules tags: ##Tags that will be added to resource group on it's creation in ARM template $(eval RG_TAGS=$(shell echo '{"Portfolio": "Early years and Schools Group", "Parent Business":"Teaching Regulation Agency", "Product" : "Find a Lost TRN", "Service Line": "Teaching Workforce", "Service": "Teacher Services", "Service Offering": "Find a Lost TRN", "Environment" : "$(ENV_TAG)"}' | jq . )) -.PHONY: read-keyvault-config -read-keyvault-config: - $(eval KEY_VAULT_NAME=$(shell jq -r '.key_vault_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval KEY_VAULT_SECRET_NAME=INFRASTRUCTURE) - -read-deployment-config: - $(eval SPACE=$(shell jq -r '.paas_space' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval POSTGRES_DATABASE_NAME=$(shell jq -r '.postgres_database_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - $(eval FLT_APP_NAME=$(shell jq -r '.flt_app_name' terraform/paas/workspace_variables/$(DEPLOY_ENV).tfvars.json)) - ##@ Query parameter store to display environment variables. Requires Azure credentials set-azure-account: ${environment} echo "Logging on to ${AZURE_SUBSCRIPTION}" 
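Review bot: Removing `read-deployment-config` here leaves two targets that still list it as a prerequisite: `rename-postgres-service: read-deployment-config` (visible in the next hunk header) and `restore-data-from-backup: read-deployment-config`. Both will now stop with "No rule to make target" before doing anything. Their recipes also still depend on `cf` and on `${SPACE}` and `${POSTGRES_DATABASE_NAME}`, which nothing sets any more. A restore path that fails only when someone needs it is the costly case, so either delete these targets in the same commit or port them to AKS. If other targets outside the hunks depend on `read-keyvault-config`, they need the same treatment.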
@@ -162,18 +109,6 @@ rename-postgres-service: read-deployment-config ## make dev rename-postgres-serv cf target -s ${SPACE} > /dev/null cf rename-service ${POSTGRES_DATABASE_NAME} ${POSTGRES_DATABASE_NAME}-$(NEW_NAME_SUFFIX) -remove-postgres-tf-state: terraform-init ## make dev remove-postgres-tf-state PASSCODE=XXX - cd terraform && terraform state rm cloudfoundry_service_instance.postgres - -restore-postgres: terraform-init read-deployment-config ## make dev restore-postgres DB_INSTANCE_GUID="" BEFORE_TIME="yyyy-MM-dd hh:mm:ss" TF_VAR_api_docker_image=ghcr.io/dfe-digital/find-a-lost-trn: PASSCODE= - cf target -s ${SPACE} > /dev/null - $(if $(DB_INSTANCE_GUID), , $(error can only run with DB_INSTANCE_GUID, get it by running `make ${SPACE} get-postgres-instance-guid`)) - $(if $(BEFORE_TIME), , $(error can only run with BEFORE_TIME, eg BEFORE_TIME="2021-09-14 16:00:00")) - $(eval export TF_VAR_paas_restore_db_from_db_instance=$(DB_INSTANCE_GUID)) - $(eval export TF_VAR_paas_restore_db_from_point_in_time_before=$(BEFORE_TIME)) - echo "Restoring ${POSTGRES_DATABASE_NAME} from $(TF_VAR_paas_restore_db_from_db_instance) before $(TF_VAR_paas_restore_db_from_point_in_time_before)" - make ${DEPLOY_ENV} terraform-apply - restore-data-from-backup: read-deployment-config # make production restore-data-from-backup CONFIRM_RESTORE=YES BACKUP_FILENAME="find-a-lost-trn-production-pg-svc-2022-04-28-01" @if [[ "$(CONFIRM_RESTORE)" != YES ]]; then echo "Please enter "CONFIRM_RESTORE=YES" to run workflow"; exit 1; fi $(eval export AZURE_BACKUP_STORAGE_ACCOUNT_NAME=$(AZURE_BACKUP_STORAGE_ACCOUNT_NAME)) 
@@ -181,37 +116,19 @@ restore-data-from-backup: read-deployment-config # make production restore-data- bin/download-db-backup ${AZURE_BACKUP_STORAGE_ACCOUNT_NAME} ${AZURE_BACKUP_STORAGE_CONTAINER_NAME} ${BACKUP_FILENAME}.tar.gz bin/restore-db ${DEPLOY_ENV} ${CONFIRM_RESTORE} ${SPACE} ${BACKUP_FILENAME}.sql ${POSTGRES_DATABASE_NAME} -terraform-init: - $(if $(or $(DISABLE_PASSCODE),$(PASSCODE)), , $(error Missing environment variable "PASSCODE", retrieve from https://login.london.cloud.service.gov.uk/passcode)) - [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true - terraform -chdir=terraform/paas init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars $(backend_config) -upgrade -reconfigure - -terraform-plan: terraform-init - terraform -chdir=terraform/paas plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json - -terraform-apply: terraform-init - terraform -chdir=terraform/paas apply -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-apply-replace-redis: terraform-init # make dev terraform-apply-replace-redis PASSCODE="XXX" - terraform -chdir=terraform/paas apply -replace="cloudfoundry_service_instance.redis" -replace="cloudfoundry_app.app" -replace="cloudfoundry_service_key.redis_key" -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-destroy: terraform-init - terraform -chdir=terraform/paas destroy -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json ${AUTO_APPROVE} - -terraform-init-aks: bin/terrafile - $(if $(or $(DISABLE_PASSCODE),$(PASSCODE)), , $(error Missing environment variable "PASSCODE", retrieve from https://login.london.cloud.service.gov.uk/passcode)) +terraform-init: bin/terrafile [[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true ./bin/terrafile -p terraform/aks/vendor/modules -f terraform/aks/workspace_variables/$(CONFIG)_Terrafile terraform -chdir=terraform/aks init -backend-config 
workspace_variables/$(CONFIG).backend.tfvars $(backend_config) -upgrade -reconfigure $(if $(DOCKER_IMAGE), $(eval export TF_VAR_paas_app_docker_image=$(DOCKER_IMAGE)), $(error Missing environment variable "DOCKER_IMAGE")) -terraform-plan-aks: terraform-init-aks +terraform-plan: terraform-init terraform -chdir=terraform/aks plan -var-file workspace_variables/$(CONFIG).tfvars.json -terraform-apply-aks: terraform-init-aks +terraform-apply: terraform-init terraform -chdir=terraform/aks apply -var-file workspace_variables/$(CONFIG).tfvars.json ${AUTO_APPROVE} -terraform-destroy-aks: terraform-init-aks +terraform-destroy: terraform-init terraform -chdir=terraform/aks destroy -var-file workspace_variables/$(CONFIG).tfvars.json ${AUTO_APPROVE} deploy-azure-resources: set-azure-account tags # make dev deploy-azure-resources CONFIRM_DEPLOY=1 diff --git a/global_config/development_aks.sh b/global_config/development.sh similarity index 89% rename from global_config/development_aks.sh rename to global_config/development.sh index 1183e83ae..666b9ceb8 100644 --- a/global_config/development_aks.sh +++ b/global_config/development.sh @@ -1,4 +1,4 @@ -CONFIG=development_aks +CONFIG=development DEPLOY_ENV=development CONFIG_SHORT=dv AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test diff --git a/global_config/preproduction_aks.sh b/global_config/preproduction.sh similarity index 88% rename from global_config/preproduction_aks.sh rename to global_config/preproduction.sh index ec16091d1..476513a4e 100644 --- a/global_config/preproduction_aks.sh +++ b/global_config/preproduction.sh @@ -1,4 +1,4 @@ -CONFIG=preproduction_aks +CONFIG=preproduction DEPLOY_ENV=preproduction CONFIG_SHORT=pp AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test diff --git a/global_config/production_aks.sh b/global_config/production.sh similarity index 89% rename from global_config/production_aks.sh rename to global_config/production.sh index 66514921f..823eba913 100644 --- a/global_config/production_aks.sh 
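Review bot: In the merged `terraform-init` target, the line `[[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true` is carried over unchanged, and its `|| true` also swallows a failing `az account set`. With the PASSCODE check gone this is the only subscription guard, so a failed switch lets `init`, `apply` or `destroy` run against whatever subscription the CLI session already had selected. Writing it as `if [[ "${SP_AUTH}" != "true" ]]; then az account set -s $(AZURE_SUBSCRIPTION); fi` keeps the skip for service-principal runs and lets a real failure stop the recipe. `terraform-plan` and `terraform-destroy` now also inherit the `DOCKER_IMAGE` requirement from this target, which deserves a line in the help comment.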
+++ b/global_config/production.sh @@ -1,4 +1,4 @@ -CONFIG=production_aks +CONFIG=production DEPLOY_ENV=production CONFIG_SHORT=pd AZURE_SUBSCRIPTION=s189-teacher-services-cloud-production diff --git a/global_config/review_aks.sh b/global_config/review.sh similarity index 91% rename from global_config/review_aks.sh rename to global_config/review.sh index 23f35d0e8..b2fb56fbb 100644 --- a/global_config/review_aks.sh +++ b/global_config/review.sh @@ -1,4 +1,4 @@ -CONFIG=review_aks +CONFIG=review DEPLOY_ENV=review CONFIG_SHORT=rv AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test diff --git a/global_config/test_aks.sh b/global_config/test.sh similarity index 92% rename from global_config/test_aks.sh rename to global_config/test.sh index 1673b1f50..36183a533 100644 --- a/global_config/test_aks.sh +++ b/global_config/test.sh @@ -1,4 +1,4 @@ -CONFIG=test_aks +CONFIG=test DEPLOY_ENV=test CONFIG_SHORT=ts AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test diff --git a/terraform/aks/application.tf b/terraform/aks/application.tf index 6c5cae80c..8dd5acae8 100644 --- a/terraform/aks/application.tf +++ b/terraform/aks/application.tf @@ -3,7 +3,7 @@ locals { service_name = "find-a-lost-trn" app_secrets = { DATABASE_URL = var.deploy_postgres ? module.postgres.url : "" - REDIS_URL = var.deploy_redis ? module.redis[0].url : "" + REDIS_URL = var.deploy_redis ? module.redis[0].url : "" } } 
@@ -43,18 +43,18 @@ module "application_configuration" { } module "worker_application" { - source = "./vendor/modules/aks//aks/application" - name = "worker" - is_web = false - namespace = var.namespace - environment = local.environment - service_name = local.service_name - cluster_configuration_map = module.cluster_data.configuration_map + source = "./vendor/modules/aks//aks/application" + name = "worker" + is_web = false + namespace = var.namespace + environment = local.environment + service_name = local.service_name + cluster_configuration_map = module.cluster_data.configuration_map kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name kubernetes_secret_name = module.application_configuration.kubernetes_secret_name - docker_image = var.paas_app_docker_image - command = ["bundle", "exec", "sidekiq", "-C", "./config/sidekiq.yml"] - probe_command = ["pgrep", "-f", "sidekiq"] - max_memory = var.worker_memory_max - replicas = var.worker_replicas + docker_image = var.paas_app_docker_image + command = ["bundle", "exec", "sidekiq", "-C", "./config/sidekiq.yml"] + probe_command = ["pgrep", "-f", "sidekiq"] + max_memory = var.worker_memory_max + replicas = var.worker_replicas } diff --git a/terraform/aks/databases.tf b/terraform/aks/databases.tf index 81317c77f..a19996b6a 100644 --- a/terraform/aks/databases.tf +++ b/terraform/aks/databases.tf 
@@ -1,37 +1,37 @@ module "postgres" { - source = "./vendor/modules/aks//aks/postgres" + source = "./vendor/modules/aks//aks/postgres" - namespace = var.namespace - environment = local.environment - azure_resource_prefix = var.azure_resource_prefix - service_name = local.service_name - service_short = var.service_short - config_short = var.config_short + namespace = var.namespace + environment = local.environment + azure_resource_prefix = var.azure_resource_prefix + service_name = local.service_name + service_short = var.service_short + config_short = var.config_short cluster_configuration_map = module.cluster_data.configuration_map - use_azure = var.deploy_azure_backing_services - azure_enable_monitoring = var.enable_monitoring - azure_extensions = ["plpgsql", "citext", "uuid-ossp"] - server_version = "14" + use_azure = var.deploy_azure_backing_services + azure_enable_monitoring = var.enable_monitoring + azure_extensions = ["plpgsql", "citext", "uuid-ossp"] + server_version = "14" azure_enable_backup_storage = var.azure_enable_backup_storage } module "redis" { - count = var.deploy_redis ? 1 : 0 - source = "./vendor/modules/aks//aks/redis" + count = var.deploy_redis ? 
1 : 0 + source = "./vendor/modules/aks//aks/redis" - namespace = var.namespace - environment = local.environment - azure_resource_prefix = var.azure_resource_prefix - service_name = local.service_name - service_short = var.service_short - config_short = var.config_short + namespace = var.namespace + environment = local.environment + azure_resource_prefix = var.azure_resource_prefix + service_name = local.service_name + service_short = var.service_short + config_short = var.config_short cluster_configuration_map = module.cluster_data.configuration_map - use_azure = var.deploy_azure_backing_services - azure_enable_monitoring = var.enable_monitoring - azure_patch_schedule = [{ "day_of_week" : "Sunday", "start_hour_utc" : 01 }] + use_azure = var.deploy_azure_backing_services + azure_enable_monitoring = var.enable_monitoring + azure_patch_schedule = [{ "day_of_week" : "Sunday", "start_hour_utc" : 01 }] } diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf index dfda9371c..f5891e975 100644 --- a/terraform/aks/variables.tf +++ b/terraform/aks/variables.tf @@ -1,21 +1,21 @@ variable "app_environment" { - type = string + type = string description = "Environment name in full e.g development" } variable "file_environment" { - type = string + type = string description = "AKS environment name e.g dev" } variable "app_suffix" { - type = string - default = "" + type = string + default = "" description = "App suffix" } variable "azure_resource_prefix" { - type = string + type = string description = "Standard resource prefix. Usually s189t01 (test) or s189p01 (production)" } 
@@ -25,56 +25,56 @@ variable "azure_sp_credentials_json" { } variable "cluster" { - type = string + type = string description = "AKS cluster where this app is deployed. Either 'test' or 'production'" } variable "config_short" { - type = string + type = string description = "Short name of the environment configuration, e.g. dv, pp, pd..." } variable "deploy_azure_backing_services" { - type = string - default = true + type = string + default = true description = "Deploy real Azure backing services like databases, as opposed to containers inside of AKS" } variable "enable_monitoring" { - type = bool - default = true + type = bool + default = true description = "Enable monitoring and alerting" } variable "namespace" { - type = string + type = string description = "AKS namespace where this app is deployed" } variable "service_short" { - type = string + type = string description = "Short name to identify the service. Up to 6 charcters." } -variable "replicas" { - default = 1 - type = number +variable "replicas" { + default = 1 + type = number } -variable "memory_max" { - default = "1Gi" - type = string +variable "memory_max" { + default = "1Gi" + type = string description = "Max memory size" } -variable "worker_replicas" { - default = 1 - type = number +variable "worker_replicas" { + default = 1 + type = number } -variable "worker_memory_max" { - default = "1Gi" - type = string +variable "worker_memory_max" { + default = "1Gi" + type = string description = "Max memory size of worker" } @@ -114,7 +114,7 @@ variable "inf_vault_name" { } variable "azure_enable_backup_storage" { - default = false + default = false } variable "review_url_db_name" { @@ -123,7 +123,7 @@ variable "review_url_db_name" { } variable "review_url_redis_name" { - default = null + default = null description = "the name of the secret storing review redis url" } 
diff --git a/terraform/aks/workspace_variables/development_aks.backend.tfvars b/terraform/aks/workspace_variables/development.backend.tfvars
similarity index 100%
rename from terraform/aks/workspace_variables/development_aks.backend.tfvars
rename to terraform/aks/workspace_variables/development.backend.tfvars
diff --git a/terraform/aks/workspace_variables/development_aks.tfvars.json b/terraform/aks/workspace_variables/development.tfvars.json
similarity index 100%
rename from terraform/aks/workspace_variables/development_aks.tfvars.json
rename to terraform/aks/workspace_variables/development.tfvars.json
diff --git a/terraform/aks/workspace_variables/development_aks_Terrafile b/terraform/aks/workspace_variables/development_Terrafile
similarity index 100%
rename from terraform/aks/workspace_variables/development_aks_Terrafile
rename to terraform/aks/workspace_variables/development_Terrafile
diff --git a/terraform/aks/workspace_variables/preproduction_aks.backend.tfvars b/terraform/aks/workspace_variables/preproduction.backend.tfvars
similarity index 100%
rename from terraform/aks/workspace_variables/preproduction_aks.backend.tfvars
rename to terraform/aks/workspace_variables/preproduction.backend.tfvars
diff --git a/terraform/aks/workspace_variables/preproduction_aks.tfvars.json b/terraform/aks/workspace_variables/preproduction.tfvars.json
similarity index 100%
rename from terraform/aks/workspace_variables/preproduction_aks.tfvars.json
rename to terraform/aks/workspace_variables/preproduction.tfvars.json
diff --git a/terraform/aks/workspace_variables/preproduction_aks_Terrafile b/terraform/aks/workspace_variables/preproduction_Terrafile
similarity index 100%
rename from terraform/aks/workspace_variables/preproduction_aks_Terrafile
rename to terraform/aks/workspace_variables/preproduction_Terrafile
diff --git a/terraform/aks/workspace_variables/production_aks.backend.tfvars b/terraform/aks/workspace_variables/production.backend.tfvars
similarity index 100%
rename from terraform/aks/workspace_variables/production_aks.backend.tfvars
rename to terraform/aks/workspace_variables/production.backend.tfvars
diff --git a/terraform/aks/workspace_variables/production_aks.tfvars.json b/terraform/aks/workspace_variables/production.tfvars.json
similarity index 100%
rename from terraform/aks/workspace_variables/production_aks.tfvars.json
rename to terraform/aks/workspace_variables/production.tfvars.json
diff --git a/terraform/aks/workspace_variables/production_aks_Terrafile b/terraform/aks/workspace_variables/production_Terrafile
similarity index 100%
rename from terraform/aks/workspace_variables/production_aks_Terrafile
rename to terraform/aks/workspace_variables/production_Terrafile
diff --git a/terraform/aks/workspace_variables/review_aks.backend.tfvars b/terraform/aks/workspace_variables/review.backend.tfvars
similarity index 100%
rename from terraform/aks/workspace_variables/review_aks.backend.tfvars
rename to terraform/aks/workspace_variables/review.backend.tfvars
diff --git a/terraform/aks/workspace_variables/review_aks.tfvars.json b/terraform/aks/workspace_variables/review.tfvars.json
similarity index 100%
rename from terraform/aks/workspace_variables/review_aks.tfvars.json
rename to terraform/aks/workspace_variables/review.tfvars.json
diff --git a/terraform/aks/workspace_variables/review_aks_Terrafile b/terraform/aks/workspace_variables/review_Terrafile
similarity index 100%
rename from terraform/aks/workspace_variables/review_aks_Terrafile
rename to terraform/aks/workspace_variables/review_Terrafile
diff --git a/terraform/aks/workspace_variables/test_aks.backend.tfvars b/terraform/aks/workspace_variables/test.backend.tfvars
similarity index 100%
rename from terraform/aks/workspace_variables/test_aks.backend.tfvars
rename to terraform/aks/workspace_variables/test.backend.tfvars
diff --git a/terraform/aks/workspace_variables/test_aks.tfvars.json b/terraform/aks/workspace_variables/test.tfvars.json
similarity index 100%
rename from terraform/aks/workspace_variables/test_aks.tfvars.json
rename to terraform/aks/workspace_variables/test.tfvars.json
diff --git a/terraform/aks/workspace_variables/test_aks_Terrafile b/terraform/aks/workspace_variables/test_Terrafile
similarity index 100%
rename from terraform/aks/workspace_variables/test_aks_Terrafile
rename to terraform/aks/workspace_variables/test_Terrafile
diff --git a/terraform/paas/.gitignore b/terraform/paas/.gitignore
deleted file mode 100644
index 1c99dc138..000000000
--- a/terraform/paas/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.terraform/
diff --git a/terraform/paas/.terraform.lock.hcl b/terraform/paas/.terraform.lock.hcl
deleted file mode 100644
index 3ee8cbc51..000000000
--- a/terraform/paas/.terraform.lock.hcl
+++ /dev/null
@@ -1,69 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/cloudfoundry-community/cloudfoundry" { - version = "0.51.3" - constraints = "~> 0.15" - hashes = [ - "h1:Wuz3KPG8YwBFfla8FDxqIQnBAqQhX8AkS9rSRMmYKKc=", - "zh:011f93f31daefd75e4664ce80462f13f0ee1f93c073b3217730e7a136ca9d544", - "zh:0d9078e43a1dcefd62f593e248d7b44478dd75cd70aabdfce92a52abe065f297", - "zh:29cc360081f68442ec2f4b1d90f24b9cc3c1017c86e18de62eb8043dbbf7fe8c", - "zh:48ea027fd3ecefac3302a58dd61389b086c123d621f094a441aef0c036f9d9f3", - "zh:59cbaec857468fe10e91e9f67358bb0c18e91d9dc1bf4386ace42c2a95925889", - "zh:8537822684fc2b531ed1c404da25fee2af71f9cfc326bb26b35828d6a7087ed3", - "zh:b0d88d3fcd86c5c493de4001e9f1c961e1650a364831380c2aa9ab17551094b7", - "zh:cbde14e2c1f84285b0ae28dfb0c495ec6ba503d3abd95774f92492dd26276e14", - "zh:cc29ecc864a5f2c1f4d3c6425d595c163ccd202203a40dc78a22f7b8f945efc8", - "zh:d3ab24d7b5081b3858053b88222c7652d7432de15a3e037eef0f5d96881f7ef8", - "zh:dc125bab081ae478c0afedbeb805238f97fea83e999aa94c2e400e646b845df2", - "zh:e12d7ed99ac17b2724f2129db75540c55bbe9e10d067dac8d71216598ce492d1", - "zh:fb4f969728f285b5dc460fc8693cfb3f0d4139bda2d389e5de2a0ad91f2009a1", - "zh:fca9941b778e7f6ca57d44d698f528438283ab15c1789d8b48be722fe7c03b4b", - "zh:fea692d2ed3d4e9da5aebdc54d1c19afe97e07d597b7d5d768224976bc329cc2", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "2.99.0" - constraints = "~> 2.84" - hashes = [ - "h1:/ZY1j8YgB5GeqPnjT8avyRFjUcGH3rCk1xGLKcUCtWc=", - "h1:FXBB5TkvZpZA+ZRtofPvp5IHZpz4Atw7w9J8GDgMhvk=", - "zh:08d81e72e97351538ab4d15548942217bf0c4d3b79ad3f4c95d8f07f902d2fa6", - "zh:11fdfa4f42d6b6f01371f336fea56f28a1db9e7b490c5ca0b352f6bbca5a27f1", - "zh:12376e2c4b56b76098d5d713d1a4e07e748a926c4d165f0bd6f52157b1f7a7e9", - "zh:31f1cb5b88ed1307625050e3ee7dd9948773f522a3f3bf179195d607de843ea3", - 
"zh:767971161405d38412662a73ea40a422125cdc214c72fbc569bcfbea6e66c366", - "zh:973c402c3728b68c980ea537319b703c009b902a981b0067fbc64e04a90e434c", - "zh:9ec62a4f82ec1e92bceeff80dd8783f61de0a94665c133f7c7a7a68bda9cdbd6", - "zh:bbb3b7e1229c531c4634338e4fc81b28bce58312eb843a931a4420abe42d5b7e", - "zh:cbbe02cd410d21476b3a081b5fa74b4f1b3d9d79b00214009028d60e859c19a3", - "zh:cc00ecc7617a55543b60a0da1196ea92df48c399bcadbedf04c783e3d47c6e08", - "zh:eecb9fd0e7509c7fd4763e546ef0933f125770cbab2b46152416e23d5ec9dd53", - ] -} - -provider "registry.terraform.io/statuscakedev/statuscake" { - version = "2.0.5" - constraints = "2.0.5" - hashes = [ - "h1:8/x0qo4d2j83dbM5RmGW++GJ4gQbz9OgoedLtPyFJIg=", - "h1:xOdqOYEZQW9aqoBekGGMnqZueTAdhQ5XnfOfzeQnSc4=", - "zh:0d4abab56a77562c8c347e4bec8ec5f9cb74cfa78e14485d1895dbae2d3e46d1", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1d3a6ad4d42bdf912482ca1b6100883ce6075257b841723c155aef52ffffc7c5", - "zh:2a613729fa535c15214029832fd7da54adbe2142b84033ae78509b0fa1db1d5b", - "zh:3e8546072054c6f356193d942deab120ef9f5cd861891e4e8b4951a971573de5", - "zh:4211f740a066527475e14819ecd3551985b1dd52245de1d9bb2d6db57a37fb70", - "zh:45bbce8cebd7ec50d4691081b0f119fc75512e1e306d87584b33ad7cc337939f", - "zh:4b514734633ce09d30ea9e7ef0caabd788575bb1b706af0c8ba60b96a923dcba", - "zh:6ddc4591d4e52cbd78c2a9473c870287166c1d1c15802257bd1780330f6ad0d8", - "zh:79f974a40afe997081410e7e6c2ffa96d7cf51969f2bb8ef930d42f6a857b5c9", - "zh:98b155af2ebcbf710febd6263b9f8ad5a79faed1d6177432f081539cebece959", - "zh:b0f6f90c02d851740fe1177e807fd32cd17519f57fb0dda9ed3d9f5845d9bbc0", - "zh:b39348a178af82ba1d26b93cb2d0cbb375b1c8607554390568e5d603539e8392", - "zh:c5a13978a2ddacfc7507d3d149044791408d7075c99eafe2f7daa01eea061213", - "zh:dc1e63f106f95591f162cac520e71ed7203c270b9e17eb3b5333e80a02c9905c", - ] -} diff --git a/terraform/paas/app.tf b/terraform/paas/app.tf deleted file mode 100644 index b03d6565b..000000000 --- a/terraform/paas/app.tf +++ /dev/null 
@@ -1,103 +0,0 @@ -locals { - app_environment_variables = merge(try(local.infrastructure_secrets, null), - { - REDIS_URL = cloudfoundry_service_key.redis_key.credentials.uri - HOSTING_ENVIRONMENT_NAME = var.hosting_environment_name - } - ) - logstash_endpoint = data.azurerm_key_vault_secret.secrets["LOGSTASH-ENDPOINT"].value -} - -resource "cloudfoundry_route" "flt_public" { - domain = data.cloudfoundry_domain.cloudapps.id - hostname = local.flt_app_name - space = data.cloudfoundry_space.space.id -} - -resource "cloudfoundry_route" "flt_internal" { - count = local.configure_prometheus_network_policy - domain = data.cloudfoundry_domain.internal.id - space = data.cloudfoundry_space.space.id - hostname = local.flt_app_name -} - -resource "cloudfoundry_route" "flt_education" { - for_each = toset(var.hostnames) - domain = data.cloudfoundry_domain.education_gov_uk.id - space = data.cloudfoundry_space.space.id - hostname = each.value -} - -resource "cloudfoundry_user_provided_service" "logging" { - name = "${var.logging_service_name}${var.app_suffix}" - space = data.cloudfoundry_space.space.id - syslog_drain_url = "syslog-tls://${local.logstash_endpoint}" -} -resource "cloudfoundry_service_instance" "postgres" { - name = local.postgres_database_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.postgres.service_plans[var.postgres_database_service_plan] - json_params = jsonencode(local.restore_db_backup_params) - timeouts { - create = "60m" - update = "60m" - } -} - -resource "cloudfoundry_service_instance" "redis" { - name = local.redis_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.redis.service_plans[var.redis_service_plan] -} - -resource "cloudfoundry_service_key" "redis_key" { - name = "${local.redis_name}_key" - service_instance = cloudfoundry_service_instance.redis.id -} -resource "cloudfoundry_app" "app" { - name = local.flt_app_name - space = data.cloudfoundry_space.space.id - 
instances = var.flt_instances - memory = var.flt_memory - disk_quota = var.flt_disk_quota - docker_image = var.flt_docker_image - strategy = "blue-green" - environment = local.app_environment_variables - health_check_type = "http" - health_check_http_endpoint = "/health" - dynamic "routes" { - for_each = local.flt_routes - content { - route = routes.value.id - } - } - - dynamic "service_binding" { - for_each = local.app_service_bindings - content { - service_instance = service_binding.value - } - } -} - -resource "cloudfoundry_app" "worker" { - name = "${local.flt_app_name}-worker" - space = data.cloudfoundry_space.space.id - instances = var.flt_instances - memory = var.flt_memory - disk_quota = var.flt_disk_quota - docker_image = var.flt_docker_image - command = "bundle exec sidekiq -C ./config/sidekiq.yml" - strategy = "blue-green" - environment = local.app_environment_variables - - health_check_type = "process" - - service_binding { - service_instance = cloudfoundry_service_instance.postgres.id - } - - service_binding { - service_instance = cloudfoundry_service_instance.redis.id - } -} diff --git a/terraform/paas/data.tf b/terraform/paas/data.tf deleted file mode 100644 index 4c7acec30..000000000 --- a/terraform/paas/data.tf +++ /dev/null 
@@ -1,38 +0,0 @@
-data "azurerm_key_vault" "vault" {
- name = var.key_vault_name
- resource_group_name = var.resource_group_name
-}
-
-data "azurerm_key_vault_secrets" "secrets" {
- key_vault_id = data.azurerm_key_vault.vault.id
-}
-
-data "azurerm_key_vault_secret" "secrets" {
- key_vault_id = data.azurerm_key_vault.vault.id
- for_each = toset(data.azurerm_key_vault_secrets.secrets.names)
- name = each.key
-}
-
-data "cloudfoundry_space" "space" {
- name = var.paas_space
- org_name = var.paas_org_name
-}
-
-data "cloudfoundry_domain" "cloudapps" {
- name = "london.cloudapps.digital"
-}
-
-data "cloudfoundry_domain" "internal" {
- name = "apps.internal"
-}
-data "cloudfoundry_domain" "education_gov_uk" {
- name = "education.gov.uk"
-}
-
-data "cloudfoundry_service" "postgres" {
- name = "postgres"
-}
-
-data "cloudfoundry_service" "redis" {
- name = "redis"
-}
diff --git a/terraform/paas/network-policies.tf b/terraform/paas/network-policies.tf
deleted file mode 100644
index 811a56825..000000000
--- a/terraform/paas/network-policies.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-locals {
- configure_prometheus_network_policy = var.prometheus_app == null ? 0 : 1
-}
-
-data "cloudfoundry_app" "flt_web_app" {
- depends_on = [cloudfoundry_app.app]
- name_or_id = cloudfoundry_app.app.name
- space = data.cloudfoundry_space.space.id
-}
-
-data "cloudfoundry_app" "prometheus_app" {
- count = local.configure_prometheus_network_policy
- name_or_id = var.prometheus_app
- space = data.cloudfoundry_space.space.id
-}
-
-resource "cloudfoundry_network_policy" "prometheus_to_flt_policy" {
- depends_on = [data.cloudfoundry_app.flt_web_app]
- count = local.configure_prometheus_network_policy
- policy {
- source_app = data.cloudfoundry_app.prometheus_app[0].id
- destination_app = data.cloudfoundry_app.flt_web_app.id
- port = "3000"
- }
-}
diff --git a/terraform/paas/outputs.tf b/terraform/paas/outputs.tf
deleted file mode 100644
index 6802c9459..000000000
--- a/terraform/paas/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "flt_fqdn" {
- value = "${cloudfoundry_route.flt_public.hostname}.${data.cloudfoundry_domain.cloudapps.name}"
-}
diff --git a/terraform/paas/provider.tf b/terraform/paas/provider.tf
deleted file mode 100644
index 86006ceaf..000000000
--- a/terraform/paas/provider.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-locals {
- azure_credentials = try(jsondecode(var.azure_sp_credentials_json), null)
- infrastructure_secrets = yamldecode(data.azurerm_key_vault_secret.secrets["INFRASTRUCTURE"].value)
- monitoring_secrets = yamldecode(data.azurerm_key_vault_secret.secrets["MONITORING"].value)
-}
-
-provider "azurerm" {
- subscription_id = try(local.azure_credentials.subscriptionId, null)
- client_id = try(local.azure_credentials.clientId, null)
- client_secret = try(local.azure_credentials.clientSecret, null)
- tenant_id = try(local.azure_credentials.tenantId, null)
- skip_provider_registration = true
-
- features {}
-}
-
-provider "cloudfoundry" {
- api_url = var.paas_api_url
- user = data.azurerm_key_vault_secret.secrets["PAAS-USER"].value
- password = data.azurerm_key_vault_secret.secrets["PAAS-PASSWORD"].value
-}
-
-provider "statuscake" {
- api_token = local.monitoring_secrets.STATUSCAKE_PASSWORD
-}
-
diff --git a/terraform/paas/statuscake.tf b/terraform/paas/statuscake.tf
deleted file mode 100644
index f33d1b0d6..000000000
--- a/terraform/paas/statuscake.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-resource "statuscake_uptime_check" "alert" {
- for_each = var.statuscake_alerts
-
- name = each.value.website_name
- contact_groups = each.value.contact_group
- confirmation = each.value.confirmations
- trigger_rate = 0
- check_interval = 30
- regions = ["london", "dublin"]
-
- http_check {
- follow_redirects = true
- timeout = 40
- request_method = "HTTP"
- status_codes = ["204", "205", "206", "303", "400", "401", "403", "404", "405", "406", "408", "410", "413", "444", "429", "494", "495", "496", "499", "500", "501", "502", "503", "504", "505", "506", "507", "508", "509", "510", "511", "521", "522", "523", "524", "520", "598", "599"]
- validate_ssl = false
- }
-
- monitored_resource {
- address = each.value.website_url
- }
-}
diff --git a/terraform/paas/terraform.tf b/terraform/paas/terraform.tf
deleted file mode 100644
index a0b1f280a..000000000
--- a/terraform/paas/terraform.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-terraform {
- required_version = "~> 1.0"
-
- backend "azurerm" {
- container_name = "faltrn-tfstate"
- }
-
- required_providers {
- azurerm = {
- source = "hashicorp/azurerm"
- version = "~> 2.84"
- }
-
- cloudfoundry = {
- source = "cloudfoundry-community/cloudfoundry"
- version = "~> 0.15"
- }
-
- statuscake = {
- source = "StatusCakeDev/statuscake"
- version = "2.0.5"
- }
- }
-}
diff --git a/terraform/paas/variables.tf b/terraform/paas/variables.tf
deleted file mode 100644
index 60e5a3f62..000000000
--- a/terraform/paas/variables.tf
+++ /dev/null
@@ -1,115 +0,0 @@ -variable "environment_name" { - type = string -} - -variable "azure_sp_credentials_json" { - type = string - default = null -} - -variable "key_vault_name" { - type = string -} - -variable "resource_group_name" { - type = string -} - -variable "paas_api_url" { - default = "https://api.london.cloud.service.gov.uk" -} - -variable "paas_org_name" { - type = string - default = "dfe" -} - -variable "paas_space" { - type = string -} - -variable "app_suffix" { - type = string - default = "" -} -variable "flt_docker_image" { - type = string -} - -variable "flt_instances" { - default = 1 -} - -variable "flt_memory" { - default = "1024" -} - -variable "flt_disk_quota" { - default = "2048" -} - -variable "logging_service_name" { - type = string -} - -variable "enable_external_logging" { - type = bool - default = true -} - -variable "hosting_environment_name" { - type = string - default = "" -} - -variable "postgres_database_service_plan" { - type = string - default = "small-13" -} - -variable "paas_restore_db_from_db_instance" { - default = "" -} - -variable "paas_restore_db_from_point_in_time_before" { - default = "" -} - -variable "redis_service_plan" { - type = string - default = "tiny-6_x" -} - -variable "statuscake_alerts" { - type = map(any) -} - -variable "hostnames" { - default = [] - type = list(any) -} - -variable "prometheus_app" { - default = null -} -locals { - flt_app_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}" - postgres_database_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}-pg-svc" - redis_name = "find-a-lost-trn-${var.environment_name}${var.app_suffix}-redis-svc" - app_cloudfoundry_service_instances = [ - cloudfoundry_service_instance.postgres.id, - cloudfoundry_service_instance.redis.id, - ] - app_user_provided_service_bindings = var.enable_external_logging ? 
[cloudfoundry_user_provided_service.logging.id] : [] - app_service_bindings = concat(local.app_cloudfoundry_service_instances, local.app_user_provided_service_bindings) - flt_routes = flatten([ - cloudfoundry_route.flt_public, - cloudfoundry_route.flt_internal, - values(cloudfoundry_route.flt_education) - ]) - restore_db_backup_params = var.paas_restore_db_from_db_instance != "" ? { - restore_from_point_in_time_of = var.paas_restore_db_from_db_instance - restore_from_point_in_time_before = var.paas_restore_db_from_point_in_time_before - } : {} - -} diff --git a/terraform/paas/workspace_variables/dev.backend.tfvars b/terraform/paas/workspace_variables/dev.backend.tfvars deleted file mode 100644 index e18d57db9..000000000 --- a/terraform/paas/workspace_variables/dev.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165d01faltrntfstatedv" -key = "dev.tfstate" -resource_group_name = "s165d01-faltrn-dv-rg" diff --git a/terraform/paas/workspace_variables/dev.tfvars.json b/terraform/paas/workspace_variables/dev.tfvars.json deleted file mode 100644 index 1d405ca1f..000000000 --- a/terraform/paas/workspace_variables/dev.tfvars.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "environment_name": "dev", - "key_vault_name": "s165d01-faltrn-dv-kv", - "resource_group_name": "s165d01-faltrn-dv-rg", - "logging_service_name": "flt-logit-ssl-drain-dev", - "hosting_environment_name": "development", - "paas_space": "tra-dev", - "hostnames": ["dev-find-a-lost-trn"], - "statuscake_alerts": {}, - "prometheus_app": "prometheus-tra-monitoring-dev" -} diff --git a/terraform/paas/workspace_variables/preprod.backend.tfvars b/terraform/paas/workspace_variables/preprod.backend.tfvars deleted file mode 100644 index d9566bcd7..000000000 --- a/terraform/paas/workspace_variables/preprod.backend.tfvars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s165t01faltrntfstatepp" -key = "preprod.tfstate" -resource_group_name = "s165t01-faltrn-pp-rg" 
diff --git a/terraform/paas/workspace_variables/preprod.tfvars.json b/terraform/paas/workspace_variables/preprod.tfvars.json
deleted file mode 100644
index b20cde109..000000000
--- a/terraform/paas/workspace_variables/preprod.tfvars.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "environment_name": "preprod",
- "key_vault_name": "s165t01-faltrn-pp-kv",
- "resource_group_name": "s165t01-faltrn-pp-rg",
- "flt_instances": 2,
- "logging_service_name": "flt-logit-ssl-drain-preprod",
- "hosting_environment_name": "preprod",
- "paas_space": "tra-test",
- "postgres_database_service_plan": "small-ha-13",
- "hostnames": ["preprod-find-a-lost-trn"],
- "statuscake_alerts": {
- "tra-flt-preprod": {
- "website_name": "find-a-lost-trn-preprod",
- "website_url": "https://find-a-lost-trn-preprod.london.cloudapps.digital/health",
- "contact_group": [249142],
- "confirmations": 2
- }
- }
-}
diff --git a/terraform/paas/workspace_variables/production.backend.tfvars b/terraform/paas/workspace_variables/production.backend.tfvars
deleted file mode 100644
index e68cd359e..000000000
--- a/terraform/paas/workspace_variables/production.backend.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-storage_account_name = "s165p01faltrntfstatepd"
-key = "production.tfstate"
-resource_group_name = "s165p01-faltrn-pd-rg"
diff --git a/terraform/paas/workspace_variables/production.tfvars.json b/terraform/paas/workspace_variables/production.tfvars.json
deleted file mode 100644
index fb42dd460..000000000
--- a/terraform/paas/workspace_variables/production.tfvars.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "environment_name": "production",
- "key_vault_name": "s165p01-faltrn-pd-kv",
- "resource_group_name": "s165p01-faltrn-pd-rg",
- "flt_instances": 2,
- "flt_disk_quota": "2560",
- "logging_service_name": "flt-logit-ssl-drain-production",
- "hosting_environment_name": "production",
- "paas_space": "tra-production",
- "postgres_database_service_plan": "small-ha-13",
- "hostnames": ["find-a-lost-trn"],
- "statuscake_alerts": {
- "tra-flt-prod-1": {
- "website_name": "find-a-lost-trn-production",
- "website_url": "https://find-a-lost-trn-production.london.cloudapps.digital/health/all",
- "contact_group": [249142],
- "confirmations": 2
- },
- "tra-flt-prod-2": {
- "website_name": "find-a-lost-trn-production",
- "website_url": "https://find-a-lost-trn.education.gov.uk/health/all",
- "contact_group": [249142],
- "confirmations": 2
- }
- },
- "prometheus_app": "prometheus-tra-monitoring-prod"
-}
diff --git a/terraform/paas/workspace_variables/review.backend.tfvars b/terraform/paas/workspace_variables/review.backend.tfvars
deleted file mode 100644
index fcdeaa042..000000000
--- a/terraform/paas/workspace_variables/review.backend.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-storage_account_name = "s165d01faltrntfstatedv"
-# The key is provided dynamically for each review app via the Makefile
-resource_group_name = "s165d01-faltrn-dv-rg"
diff --git a/terraform/paas/workspace_variables/review.tfvars.json b/terraform/paas/workspace_variables/review.tfvars.json
deleted file mode 100644
index b06b601ea..000000000
--- a/terraform/paas/workspace_variables/review.tfvars.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "environment_name": "review",
- "key_vault_name": "s165d01-faltrn-dv-kv",
- "resource_group_name": "s165d01-faltrn-dv-rg",
- "logging_service_name": "flt-logit-ssl-drain-review",
- "enable_external_logging": false,
- "hosting_environment_name": "review",
- "paas_space": "tra-dev",
- "statuscake_alerts": {}
-}
diff --git a/terraform/paas/workspace_variables/test.backend.tfvars b/terraform/paas/workspace_variables/test.backend.tfvars
deleted file mode 100644
index 97bf0bc06..000000000
--- a/terraform/paas/workspace_variables/test.backend.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-storage_account_name = "s165t01faltrntfstatets"
-key = "test.tfstate"
-resource_group_name = "s165t01-faltrn-ts-rg"
diff --git a/terraform/paas/workspace_variables/test.tfvars.json b/terraform/paas/workspace_variables/test.tfvars.json
deleted file mode 100644
index e86d8121d..000000000
--- a/terraform/paas/workspace_variables/test.tfvars.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "environment_name": "test",
- "key_vault_name": "s165t01-faltrn-ts-kv",
- "resource_group_name": "s165t01-faltrn-ts-rg",
- "logging_service_name": "flt-logit-ssl-drain-test",
- "hosting_environment_name": "development",
- "paas_space": "tra-test",
- "hostnames": ["test-find-a-lost-trn"],
- "statuscake_alerts": {
- "tra-flt-test": {
- "website_name": "find-a-lost-trn-test",
- "website_url": "https://find-a-lost-trn-test.london.cloudapps.digital/health",
- "contact_group": [249142],
- "confirmations": 2
- }
- }
-}