Move shared config into a shared secret (#1010)
gunndabad authored Dec 18, 2023
1 parent 94fa550 commit 2fc3acd
Showing 5 changed files with 31 additions and 25 deletions.
8 changes: 4 additions & 4 deletions TeachingRecordSystem/src/TeachingRecordSystem.Api/Program.cs
@@ -179,12 +179,12 @@ public static void Main(string[] args)
client.Timeout = TimeSpan.FromSeconds(30);
});

builder.AddBlobStorage();

builder.AddDistributedLocks();
builder
.AddBlobStorage()
.AddDistributedLocks()
.AddIdentityApi();

services.AddTrnGenerationApi(configuration);
services.AddIdentityApi(configuration, env);
services.AddAccessYourTeachingQualificationsOptions(configuration, env);
services.AddCertificateGeneration();
services.AddCrmQueries();
@@ -6,25 +6,22 @@

namespace TeachingRecordSystem.Core.Services.GetAnIdentityApi;

public static class ServiceCollectionExtensions
public static class HostApplicationBuilderExtensions
{
public static IServiceCollection AddIdentityApi(
this IServiceCollection services,
IConfiguration configuration,
IHostEnvironment environment)
public static IHostApplicationBuilder AddIdentityApi(this IHostApplicationBuilder builder)
{
if (!environment.IsUnitTests() && !environment.IsEndToEndTests())
if (!builder.Environment.IsUnitTests() && !builder.Environment.IsEndToEndTests())
{
services.AddOptions<GetAnIdentityOptions>()
.Bind(configuration.GetSection("GetAnIdentity"))
builder.Services.AddOptions<GetAnIdentityOptions>()
.Bind(builder.Configuration.GetSection("GetAnIdentity"))
.ValidateDataAnnotations()
.ValidateOnStart();

services
builder.Services
.AddTransient<ClientCredentialsBearerTokenDelegatingHandler>()
.AddHttpClient<ClientCredentialsBearerTokenDelegatingHandler>();

services
builder.Services
.AddHttpClient<IGetAnIdentityApiClient, GetAnIdentityApiClient>((sp, httpClient) =>
{
var options = sp.GetRequiredService<IOptions<GetAnIdentityOptions>>();
@@ -33,6 +30,6 @@ public static IServiceCollection AddIdentityApi(
.AddHttpMessageHandler<ClientCredentialsBearerTokenDelegatingHandler>();
}

return services;
return builder;
}
}
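Review bot: `AddIdentityApi` has no doc comment, and two of its behaviours are easy to miss now that more than one host calls it. It registers nothing when the environment is unit tests or end-to-end tests, and `ValidateOnStart()` makes a calling host fail at startup if the `GetAnIdentity` section does not pass validation. Going by the commit title, that section is presumably now delivered through the shared secret, so the dependency is worth recording above the method: `/// <summary>Registers the Get an Identity API client. Binds the "GetAnIdentity" configuration section (validated at startup); skipped in unit and end-to-end test environments.</summary>`. The middle of the method body lies between the two visible hunks.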
@@ -27,7 +27,9 @@ public static IHostApplicationBuilder AddServiceDefaults(

if (builder.Environment.IsProduction())
{
builder.Configuration.AddJsonEnvironmentVariable("AppConfig");
builder.Configuration
.AddJsonEnvironmentVariable("AppConfig")
.AddJsonEnvironmentVariable("SharedConfig");

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
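Review bot: The added `.AddJsonEnvironmentVariable("SharedConfig")` leaves two things undocumented: which source wins when `AppConfig` and `SharedConfig` define the same key, and what happens when the `SharedConfig` variable is unset or not valid JSON. If the helper appends an ordinary configuration source, the later `SharedConfig` would override `AppConfig`, which may be the opposite of what an app-specific override needs; the helper is not shown here, so this should be confirmed. A comment on the chain such as `// SharedConfig is added last, so its keys take precedence over AppConfig` (or swapping the two calls, if app-specific values should win) would settle it. The same two lines are added to the top-level program further down the page, and `AddServiceDefaults` starts and ends outside this hunk.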
@@ -9,6 +9,7 @@
using TeachingRecordSystem.Core.Infrastructure.Configuration;
using TeachingRecordSystem.Core.Jobs;
using TeachingRecordSystem.Core.Services.DqtReporting;
using TeachingRecordSystem.Core.Services.GetAnIdentityApi;
using TeachingRecordSystem.Core.Services.Notify;
using TeachingRecordSystem.Core.Services.TrnGenerationApi;
using TeachingRecordSystem.Core.Services.TrsDataSync;
@@ -21,7 +22,9 @@

if (builder.Environment.IsProduction())
{
builder.Configuration.AddJsonEnvironmentVariable("AppConfig");
builder.Configuration
.AddJsonEnvironmentVariable("AppConfig")
.AddJsonEnvironmentVariable("SharedConfig");
}

builder.ConfigureLogging();
@@ -35,7 +38,8 @@
.AddHangfire()
.AddBackgroundJobs()
.AddBackgroundWorkScheduler()
.AddEmail();
.AddEmail()
.AddIdentityApi();

var crmServiceClient = new ServiceClient(builder.Configuration.GetRequiredValue("ConnectionStrings:Crm"))
{
17 changes: 10 additions & 7 deletions terraform/aks/app.tf
@@ -54,10 +54,10 @@ module "api_application_configuration" {
secret_key_vault_short = "api"

config_variables = {
SENTRY_ENVIRONMENT = var.environment_name
DataProtectionKeysContainerName = azurerm_storage_container.keys.name
DistributedLockContainerName = azurerm_storage_container.locks.name
RecurringJobs__Enabled = var.run_recurring_jobs
DataProtectionKeysContainerName = azurerm_storage_container.keys.name
SENTRY_ENVIRONMENT = var.environment_name
}

secret_variables = {
@@ -66,6 +66,7 @@ module "api_application_configuration" {
ConnectionStrings__Redis = module.redis.connection_string
StorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app_storage.name};AccountKey=${azurerm_storage_account.app_storage.primary_access_key}"
Sentry__Dsn = module.infrastructure_secrets.map.SENTRY-DSN
SharedConfig = module.infrastructure_secrets.map.SharedConfig
}
}

@@ -104,16 +105,17 @@ module "ui_application_configuration" {
secret_key_vault_short = "ui"

config_variables = {
SENTRY_ENVIRONMENT = var.environment_name
DataProtectionKeysContainerName = azurerm_storage_container.keys.name
SENTRY_ENVIRONMENT = var.environment_name
}

secret_variables = {
ApplicationInsights__ConnectionString = azurerm_application_insights.app.connection_string
ConnectionStrings__DefaultConnection = module.postgres.dotnet_connection_string
ConnectionStrings__Redis = "${module.redis.connection_string},defaultDatabase=1"
StorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app_storage.name};AccountKey=${azurerm_storage_account.app_storage.primary_access_key}"
Sentry__Dsn = module.infrastructure_secrets.map.SENTRY-DSN
SharedConfig = module.infrastructure_secrets.map.SharedConfig
StorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app_storage.name};AccountKey=${azurerm_storage_account.app_storage.primary_access_key}"
}
}

@@ -151,17 +153,18 @@ module "worker_application_configuration" {
secret_key_vault_short = "worker"

config_variables = {
SENTRY_ENVIRONMENT = var.environment_name
DistributedLockContainerName = azurerm_storage_container.locks.name
DqtReporting__RunService = var.run_dqt_reporting_service
SENTRY_ENVIRONMENT = var.environment_name
}

secret_variables = {
ApplicationInsights__ConnectionString = azurerm_application_insights.app.connection_string
ConnectionStrings__DefaultConnection = module.postgres.dotnet_connection_string
StorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app_storage.name};AccountKey=${azurerm_storage_account.app_storage.primary_access_key}"
Sentry__Dsn = module.infrastructure_secrets.map.SENTRY-DSN
DqtReporting__ReportingDbConnectionString = local.reporting_db_connection_string
Sentry__Dsn = module.infrastructure_secrets.map.SENTRY-DSN
StorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=${azurerm_storage_account.app_storage.name};AccountKey=${azurerm_storage_account.app_storage.primary_access_key}"
SharedConfig = module.infrastructure_secrets.map.SharedConfig
}
}
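Review bot: `SharedConfig = module.infrastructure_secrets.map.SharedConfig` is added to `secret_variables` in all three modules (api, ui, worker), so every value inside that one secret is exposed to each workload whether or not it reads it. Nothing in the file says what the blob holds or which apps rely on which keys. A comment at the first occurrence would keep it from growing into a catch-all, for example `# SharedConfig: JSON of settings common to api, ui and worker; app-specific secrets stay in the per-app variables`. Minor: in the worker block `StorageConnectionString` is listed before `SharedConfig`, which breaks the alphabetical order the other two blocks now follow.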
