Review app config added. (#1396)

Makefile

@@ -58,6 +58,24 @@ production: paas
 	$(eval AZURE_BACKUP_STORAGE_ACCOUNT_NAME=s165p01dqtapidbbackup)
 	$(eval AZURE_BACKUP_STORAGE_CONTAINER_NAME=dqt-api)
 
+.PHONY: dv_review
+dv_review: aks dev-cluster
+	$(if $(CLUSTER), , $(error Missing environment variable "CLUSTER", Please specify a dev cluster name (eg 'cluster1')))
+	$(if $(IMAGE), , $(error Missing environment variable "IMAGE", Please specify an image tag for your review app))
+	$(if $(APP_NAME), , $(error Missing environment variable "APP_NAME", Please specify a pr number for your review app))
+	$(eval DEPLOY_ENV=dv_review)
+	$(eval AZURE_SUBSCRIPTION=s189-teacher-services-cloud-development)
+	$(eval RESOURCE_NAME_PREFIX=s189d01)
+	$(eval ENV_SHORT=rv)
+	$(eval ENV_TAG=dev)
+	$(eval DISABLE_PASSCODE=false)
+	$(eval backend_key=-backend-config=key=$(APP_NAME).tfstate)
+	$(eval export TF_VAR_cluster=$(CLUSTER))
+	$(eval export TF_VAR_docker_image=$(IMAGE))
+	$(eval export TF_VAR_app_name=$(APP_NAME))
+
+
+
 .PHONY: dev_aks
 dev_aks: aks test-cluster
 	$(eval DEPLOY_ENV=dev)
@@ -209,7 +227,7 @@ terraform-init:
 	$(eval export TF_VAR_azure_resource_prefix=$(RESOURCE_NAME_PREFIX))
 
 	[[ "${SP_AUTH}" != "true" ]] && az account set -s $(AZURE_SUBSCRIPTION) || true
-	terraform -chdir=terraform/$(PLATFORM) init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars -reconfigure
+	terraform -chdir=terraform/$(PLATFORM) init -backend-config workspace_variables/${DEPLOY_ENV}.backend.tfvars  $(backend_key) -reconfigure
 
 terraform-plan: terraform-init # make [env] terraform-plan init
 	terraform -chdir=terraform/$(PLATFORM) plan -var-file workspace_variables/${DEPLOY_ENV}.tfvars.json
@@ -222,10 +240,10 @@ terraform-destroy: terraform-init
 
 deploy-azure-resources: set-azure-account # make dev deploy-azure-resources CONFIRM_DEPLOY=1
 	$(if $(CONFIRM_DEPLOY), , $(error can only run with CONFIRM_DEPLOY))
-	az deployment sub create -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']"
+	az deployment sub create --name "resourcedeploy-trs-$(shell date +%Y%m%d%H%M%S)" -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']"
 
 validate-azure-resources: set-azure-account # make dev validate-azure-resources
-	az deployment sub create -l "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" --what-if
+	az deployment sub create --name "resourcedeploy-trs-$(shell date +%Y%m%d%H%M%S)"  -l  "${REGION}" --template-uri "https://raw.githubusercontent.com/DFE-Digital/tra-shared-services/main/azure/resourcedeploy.json" --parameters "resourceGroupName=${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-rg" 'tags=${RG_TAGS}' "tfStorageAccountName=${RESOURCE_NAME_PREFIX}${SERVICE_SHORT}tfstate${ENV_SHORT}" "tfStorageContainerName=${SERVICE_SHORT}-tfstate" "dbBackupStorageAccountName=${AZURE_BACKUP_STORAGE_ACCOUNT_NAME}" "dbBackupStorageContainerName=${AZURE_BACKUP_STORAGE_CONTAINER_NAME}" "keyVaultNames=['${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-api-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-authz-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-inf-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-ui-kv', '${RESOURCE_NAME_PREFIX}-${SERVICE_SHORT}-${ENV_SHORT}-worker-kv']" --what-if
 
 
 domains-init: bin/terrafile set-azure-pd-subscription ## make [env] domains-init -  terraform init for environment dns/afd resources
@@ -270,3 +288,7 @@ production-cluster:
 get-cluster-credentials: set-azure-account
 	az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME}
 	kubelogin convert-kubeconfig -l $(if ${GITHUB_ACTIONS},spn,azurecli)
+
+dev-cluster:
+	$(eval CLUSTER_RESOURCE_GROUP_NAME=s189d01-tsc-dv-rg)
+	$(eval CLUSTER_NAME=s189d01-tsc-${CLUSTER}-aks)

terraform/aks/app.tf

@@ -1,5 +1,5 @@
 resource "azurerm_application_insights" "app" {
-  name                = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}ai"
+  name                = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}${var.app_name != null && var.app_name != "" ? var.app_name : ""}ai"
   resource_group_name = var.resource_group_name
   location            = var.region
   application_type    = "web"
@@ -13,7 +13,7 @@ resource "azurerm_application_insights" "app" {
 
 resource "kubernetes_job" "migrations" {
   metadata {
-    name      = "${var.service_name}-${var.environment_name}-migrations"
+    name      = "${var.service_name}-${local.app_name_suffix}-migrations"
     namespace = var.namespace
   }
 
@@ -52,7 +52,7 @@ module "api_application_configuration" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing"
 
   namespace              = var.namespace
-  environment            = var.environment_name
+  environment            = local.app_name_suffix
   azure_resource_prefix  = var.azure_resource_prefix
   service_short          = var.service_short_name
   config_short           = var.environment_short_name
@@ -62,7 +62,7 @@ module "api_application_configuration" {
     DataProtectionKeysContainerName = azurerm_storage_container.keys.name
     DistributedLockContainerName    = azurerm_storage_container.locks.name
     RecurringJobs__Enabled          = var.run_recurring_jobs
-    SENTRY_ENVIRONMENT              = var.environment_name
+    SENTRY_ENVIRONMENT              = local.app_name_suffix
   }
 
   secret_variables = {
@@ -83,7 +83,7 @@ module "api_application" {
   is_web = true
 
   namespace    = var.namespace
-  environment  = var.environment_name
+  environment  = local.app_name_suffix
   service_name = var.service_name
 
   cluster_configuration_map = module.cluster_data.configuration_map
@@ -104,15 +104,15 @@ module "authz_application_configuration" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing"
 
   namespace              = var.namespace
-  environment            = var.environment_name
+  environment            = local.app_name_suffix
   azure_resource_prefix  = var.azure_resource_prefix
   service_short          = var.service_short_name
   config_short           = var.environment_short_name
   secret_key_vault_short = "authz"
 
   config_variables = {
     DataProtectionKeysContainerName = azurerm_storage_container.keys.name
-    SENTRY_ENVIRONMENT              = var.environment_name
+    SENTRY_ENVIRONMENT              = local.app_name_suffix
     DUMMY                           = "Dummy variable to force new Kubernetes config map to be created"
   }
 
@@ -134,7 +134,7 @@ module "authz_application" {
   is_web = true
 
   namespace    = var.namespace
-  environment  = var.environment_name
+  environment  = local.app_name_suffix
   service_name = var.service_name
 
   cluster_configuration_map = module.cluster_data.configuration_map
@@ -155,15 +155,15 @@ module "ui_application_configuration" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing"
 
   namespace              = var.namespace
-  environment            = var.environment_name
+  environment            = local.app_name_suffix
   azure_resource_prefix  = var.azure_resource_prefix
   service_short          = var.service_short_name
   config_short           = var.environment_short_name
   secret_key_vault_short = "ui"
 
   config_variables = {
     DataProtectionKeysContainerName = azurerm_storage_container.keys.name
-    SENTRY_ENVIRONMENT              = var.environment_name
+    SENTRY_ENVIRONMENT              = local.app_name_suffix
   }
 
   secret_variables = {
@@ -184,7 +184,7 @@ module "ui_application" {
   is_web = true
 
   namespace    = var.namespace
-  environment  = var.environment_name
+  environment  = local.app_name_suffix
   service_name = var.service_name
 
   cluster_configuration_map = module.cluster_data.configuration_map
@@ -204,7 +204,7 @@ module "worker_application_configuration" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/application_configuration?ref=testing"
 
   namespace              = var.namespace
-  environment            = var.environment_name
+  environment            = local.app_name_suffix
   azure_resource_prefix  = var.azure_resource_prefix
   service_short          = var.service_short_name
   config_short           = var.environment_short_name
@@ -213,7 +213,7 @@ module "worker_application_configuration" {
   config_variables = {
     DistributedLockContainerName = azurerm_storage_container.locks.name
     DqtReporting__RunService     = var.run_dqt_reporting_service
-    SENTRY_ENVIRONMENT           = var.environment_name
+    SENTRY_ENVIRONMENT           = local.app_name_suffix
   }
 
   secret_variables = {
@@ -234,7 +234,7 @@ module "worker_application" {
   is_web = false
 
   namespace    = var.namespace
-  environment  = var.environment_name
+  environment  = local.app_name_suffix
   service_name = var.service_name
 
   cluster_configuration_map = module.cluster_data.configuration_map

terraform/aks/databases.tf

@@ -2,7 +2,7 @@ module "redis" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/redis?ref=testing"
 
   namespace             = var.namespace
-  environment           = var.environment_name
+  environment           = local.app_name_suffix
   azure_resource_prefix = var.azure_resource_prefix
   service_name          = var.service_name
   service_short         = var.service_short_name
@@ -22,7 +22,7 @@ module "postgres" {
   source = "git::https://github.com/DFE-Digital/terraform-modules.git//aks/postgres?ref=testing"
 
   namespace             = var.namespace
-  environment           = var.environment_name
+  environment           = local.app_name_suffix
   azure_resource_prefix = var.azure_resource_prefix
   service_name          = var.service_name
   service_short         = var.service_short_name

terraform/aks/dqt-reporting.tf

@@ -1,9 +1,8 @@
 locals {
   reporting_db_username          = var.deploy_dqt_reporting_server ? "u${random_string.reporting_server_username[0].result}" : null
   reporting_db_password          = var.deploy_dqt_reporting_server ? random_string.reporting_server_password[0].result : null
-  reporting_db_connection_string = var.deploy_dqt_reporting_server ? "Data Source=tcp:${azurerm_mssql_server.reporting_server[0].fully_qualified_domain_name},1433;Initial Catalog=${azurerm_mssql_database.reporting_db[0].name};Persist Security Info=False;User ID=${local.reporting_db_username};Password=${local.reporting_db_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" : module.infrastructure_secrets.map.DQT-REPORTING-CONNECTION-STRING
+  reporting_db_connection_string = var.deploy_dqt_reporting_server ? "Data Source=tcp:${azurerm_mssql_server.reporting_server[0].fully_qualified_domain_name},1433;Initial Catalog=${azurerm_mssql_database.reporting_db[0].name};Persist Security Info=False;User ID=${local.reporting_db_username};Password=${local.reporting_db_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" : lookup(module.infrastructure_secrets.map, "DQT-REPORTING-CONNECTION-STRING", "")
 }
-
 resource "random_string" "reporting_server_username" {
   count   = var.deploy_dqt_reporting_server ? 1 : 0
   length  = 15

terraform/aks/storage.tf

@@ -1,5 +1,5 @@
 resource "azurerm_storage_account" "app_storage" {
-  name                              = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}sa"
+  name                              = "${var.azure_resource_prefix}${var.service_short_name}${var.environment_short_name}${var.app_name != null && var.app_name != "" ? var.app_name : ""}sa"
   location                          = var.region
   resource_group_name               = var.resource_group_name
   account_replication_type          = var.environment_name != "production" ? "LRS" : "GRS"

terraform/aks/variables.tf

@@ -145,3 +145,11 @@ variable "statuscake_extra_urls" {
   description = "List of extra URLs for StatusCake, on top of the internal teacherservices.cloud ones"
   default     = []
 }
+
+variable "app_name" { default = null }
+
+variable "app_name_suffix" { default = null }
+
+locals {
+  app_name_suffix = var.app_name == null ? var.environment_name : var.app_name
+}

terraform/aks/workspace_variables/dv_review.backend.tfvars

@@ -0,0 +1,3 @@
+resource_group_name  = "s189d01-trs-rv-rg"
+storage_account_name = "s189d01trstfstaterv"
+container_name       = "trs-tfstate"

terraform/aks/workspace_variables/dv_review.tfvars.json

@@ -0,0 +1,11 @@
+{
+  "environment_name": "review",
+  "namespace": "development",
+  "resource_group_name": "s189d01-trs-rv-rg",
+  "enable_monitoring": false,
+  "deploy_dqt_reporting_server": false,
+  "run_dqt_reporting_service": false,
+  "run_recurring_jobs": false,
+  "enable_logit": true,
+  "deploy_azure_backing_services": false
+}