Allow to configure private extra vcl_recv for DGU

We want to be able to temporarily alter request by adding private (stored in govuk-fastly-secrets) rules to the subroutine. This may be helpful when handling with incidents.
alphagov · Apr 9, 2024 · 7e108f8 · 7e108f8
1 parent 79770b4
commit 7e108f8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/modules/datagovuk/datagovuk.vcl.tftpl b/modules/datagovuk/datagovuk.vcl.tftpl
@@ -72,6 +72,10 @@ sub vcl_recv {
   if (!req.http.Fastly-SSL) {
      error 801 "Force SSL";
   }
+
+  %{ if private_extra_vcl_recv != "" ~}
+    ${private_extra_vcl_recv}
+  %{ endif ~}
 
   ${indent(2, file("${module_path}/../shared/_security_txt_request.vcl"))}
 

diff --git a/modules/datagovuk/service.tf b/modules/datagovuk/service.tf
@@ -30,6 +30,8 @@ locals {
       gcs_mirror_prefix = null
       gcs_mirror_probe = null
       gcs_mirror_port = 443
+
+      private_extra_vcl_recv = ""
     },
     { # computed values
       formatted_allowed_ip_addresses = local.formatted_allowed_ips