di-ipv-cri-uk-passport-back
This the back-end code for the UK Passport Credential Issuer(CRI) for the Identity Proofing and Verification (IPV) system within the GDS digital identity platform, GOV.UK Sign In.
- IS_LOCAL - This only needs to be assigned when running locally. This is set to
trueinlocal-startup.
Each environment has a specific table name prefix e.g. dev-{dynamo-table-name}
These values are automatically assigned by terraform within the aws_lambda_function resource
- ACCESS_TOKENS_TABLE_NAME
- AUTH_CODES_TABLE_NAME
- CRI_PASSPORT_CREDENTIALS_TABLE_NAME
Completely optional, there is a .pre-commit-config.yaml configuration setup in this repo, this uses pre-commit to verify your commit before actually commiting, it runs the following checks:
- Check Json files for formatting issues
- Fixes end of file issues (it will auto correct if it spots an issue - you will need to run the git commit again after it has fixed the issue)
- It automatically removes trailing whitespaces (again will need to run commit again after it detects and fixes the issue)
- Detects aws credentials or private keys accidentally added to the repo
- runs cloud formation linter and detects issues
- runs checkov and checks for any issues.
To use this locally you will first need to install the dependencies, this can be done in 2 ways:
Run the following in a terminal:
sudo -H pip3 install checkov pre-commit cfn-lint
this should work across platforms
If you have brew installed please run the following:
brew install pre-commit ;\
brew install cfn-lint ;\
brew install checkov
once installed run:
pre-commit install
To update the various versions of the pre-commit plugins, this can be done by running:
pre-commit autoupdate && pre-commit install
This will install / configure the pre-commit git hooks, if it detects an issue while committing it will produce an output like the following:
git commit -a
check json...........................................(no files to check)Skipped
fix end of files.........................................................Passed
trim trailing whitespace.................................................Passed
detect aws credentials...................................................Passed
detect private key.......................................................Passed
AWS CloudFormation Linter................................................Failed
- hook id: cfn-python-lint
- exit code: 4
W3011 Both UpdateReplacePolicy and DeletionPolicy are needed to protect Resources/PublicHostedZone from deletion
core/deploy/dns-zones/template.yaml:20:3
Checkov..............................................(no files to check)Skipped
- hook id: checkov