Merge pull request #493 from ministryofjustice/spaniel-daniel-review

Pages reviewed and updated where appropriate.

makefile

@@ -1,10 +1,18 @@
+.DEFAULT_GOAL := help
 IMAGE := ministryofjustice/tech-docs-github-pages-publisher:1.4
 
-# Use this to run a local instance of the documentation site, while editing
-.PHONY: preview
-preview:
+.PHONY: preview report
+
+preview: ## Run a local instance of the documentation site, while editing
 	docker run --rm \
 		-v $$(pwd)/config:/app/config \
 		-v $$(pwd)/source:/app/source \
 		-p 4567:4567 \
 		-it $(IMAGE) /publishing-scripts/preview.sh
+
+
+report: ## Review which pages have expired
+	 ./report-for-daniel-the-manual-spaniel.sh
+
+help:
+	@grep -h -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

report-for-daniel-the-manual-spaniel.sh

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+
+## Simple script to quickly review which pages have expired and which are due
+## to expire in next three weeks.
+
+function check_dependencies () {
+
+  if ! command -v ag; then
+    echo -e "\nThe silver searcher is required to run this script"
+    echo -e "https://github.com/ggreer/the_silver_searcher \n"
+    exit 1
+  fi
+
+  if ! command -v datediff >/dev/null 2>&1; then
+    echo -e "\ndatediff is required to run this script"
+    echo "it is part of 'dateutils' - install with brew or os package manager"
+    echo -e "https://github.com/hroptatyr/dateutils \n"
+    exit 1
+  fi
+}
+
+function readlines () {
+    local N="$1"
+    local line
+    local rc="1"
+
+    # Read at most N lines
+    for i in $(seq 1 $N)
+    do
+        # Try reading a single line
+        read line
+        if [ $? -eq 0 ]
+        then
+            # Output line
+            echo $line
+            rc="0"
+        else
+            break
+        fi
+    done
+
+    # Return 1 if no lines where read
+    return $rc
+}
+
+run_report () {
+  local report
+  local today
+  local expiring_pages
+  local expired_pages
+
+  local last_reviewed_on
+  local review_in
+  local expiry
+  local expiry_diff
+
+  report=$(ag last_reviewed_on -A 1 --ignore "*.txt" --ignore "*.sh" --group)
+  today=$(date '+%Y-%m-%d')
+  expiring_pages="Following pages expiring in next 3 weeks:\n"
+  expired_pages="Following pages have expired:\n"
+
+  while chunk=$(readlines 4)
+  do
+      echo "******************************************************************************************"
+      echo "$chunk"
+      echo ""
+
+      last_reviewed_on="$(echo "$chunk" | grep "last_reviewed_on" | cut -d " " -f 2)"
+      echo "last_reviewed_on: ${last_reviewed_on}"
+
+      review_in="$(echo "$chunk" | grep "review_in" | cut -d " " -f 2)"
+      echo "review_in: ${review_in}"
+
+      review_in_days=$(expr ${review_in} \* 30)
+      echo "review_in_days: ${review_in_days}"
+
+      expiry=$(date -d "${last_reviewed_on}+${review_in_days}days" '+%Y-%m-%d')
+      echo "expiry: ${expiry}"
+
+      expiry_diff=$(datediff ${today} ${expiry})
+      echo "expiry_diff: ${expiry_diff}"
+
+      page="$(echo "$chunk" | grep "source" | cut -d "/" -f1-)"
+
+      if [[ ${expiry_diff} -gt 0 ]];then
+        echo "****** fine ${page}  *****"
+
+        if [[ ${expiry_diff} -lt 21 ]];then
+          echo "****** due ${page}  *****"
+          expiring_pages+="$(echo -e "\nExpiring in ${expiry_diff} days: ${page}")"
+        fi
+      else
+        echo "****** review ${page}  *****"
+        expired_pages+="$(echo -e "\nExpired ${expiry_diff} days ago: ${page}")"
+      fi
+
+      echo "******************************************************************************************"
+      echo ""
+      echo ""
+  done  <<<"${report}"
+
+  echo ""
+  echo ""
+  echo -e "${expiring_pages}"
+
+  echo ""
+  echo ""
+  echo -e "${expired_pages}"
+  echo ""
+  echo ""
+}
+
+main() {
+  check_dependencies
+  run_report
+}
+
+main

source/documentation/adrs/000-record-architecture-decisions.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 000 - Record architecture decisions
-last_reviewed_on: 2023-10-05
+last_reviewed_on: 2023-10-20
 review_in: 3 months
 ---
 

source/documentation/adrs/001-use-bind-for-device-domain-naming-system.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 001 - Use BIND DNS for device name resolution
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -17,7 +17,7 @@ Staff devices e.g. laptops and desktops connected to our network will need [DNS]
 
 There is a requirement that this service is able to automatically scale (both up and down) to cope with varying load levels during the course of the day.
 
-There is a limitation around using the fully managed AWS Route53 DNS service as it does not support DNS forwarding. 
+There is a limitation around using the fully managed AWS Route53 DNS service as it does not support DNS forwarding.
 
 **Dec 2021 Update** Route53 can now forward DNS requests e.g. [PDNS](https://www.ncsc.gov.uk/information/pdns)
 

source/documentation/adrs/002-use-cloud-platform-to-host-dhcp-dns.html.md.erb

@@ -1,14 +1,14 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 002 - Use Cloud Platform to host DHCP and DNS
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
 # 002 - Use Cloud Platform to host DHCP and DNS
 Date: 2020-05-22
 
-## Status 
+## Status
 ❌ Rejected
 
 ## Context
@@ -21,7 +21,7 @@ After [investigations](https://github.com/ministryofjustice/cloud-platform/issue
 
 **Update 6th January 2021**
 
-The Cloud Platform `live` cluster is now running on Kubernetes 1.20 which should allow TCP and UDP on the network load balancer 
+The Cloud Platform `live` cluster is now running on Kubernetes 1.20 which should allow TCP and UDP on the network load balancer
 
 ([see issue here](https://github.com/ministryofjustice/cloud-platform/issues/1897#issuecomment-1006539120))
 

source/documentation/adrs/003-use-aws-elastic-container-service-for-dhcp-dns.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 003 - Use AWS Elastic Container Service for DHCP DNS
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -29,4 +29,4 @@ Less administrative overhead than running virtual machines e.g. EC2 and less com
 
 ### Disadvantages
 
-Still need to provision the service, require CI/CD tooling, operational documentation and forever maintaining those things.
+Still need to provision the service, require CI/CD tooling, operational documentation and forever maintaining those things.

source/documentation/adrs/004-use-aws-codepiplines-for-cicd.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 004 - Use AWS CodePipelines for CI/CD
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 

source/documentation/adrs/005-use-log-aggregration-platform-for-logging.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 005 - Use Log Aggregation Platform
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -74,9 +74,9 @@ The Operational Security Logging Platform is ready to accept these logs and the
 
 ### Advantages
 
-- We don't need to stand up our own logging infrastructure 
+- We don't need to stand up our own logging infrastructure
 - Availability of logs from different sources in one location.
 
 ### Disadvantages
 
-- Reliant on another team which means we may need to wait sometime before we get an aggregated view of our logs.
+- Reliant on another team which means we may need to wait sometime before we get an aggregated view of our logs.

source/documentation/adrs/006-use-aws-parameter-store-for-secrets.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 006 - Use AWS Parameter Store for Secrets
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -17,14 +17,14 @@ There is a need to store infrastructure secrets securely in the [PTTP](https://m
 
 ## Decision
 
-Use AWS SSM Parameter Store. 
+Use AWS SSM Parameter Store.
 - Aligned with [MoJ Security Guidance](https://security-guidance.service.justice.gov.uk/secrets-management/#application--infrastructure-secrets)
 - Compatible with AWS services e.g. [CodePipelines](https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-example)
 - The use of AWS Secrets Manager can easily be extended if required.
 
-### Alternative Considerations: 
+### Alternative Considerations:
 #### AWS Secrets Manager
 AWS Secrets Manager has ability to automatically rotate secrets for AWS RDS access. AWS Secrets Manager has a higher cost than AWS SSM Parameter Store.
 
 #### HashiCorp Vault
-HashiCorp Vault is an open-source secret management solution. In order to use it we would have to host and manage an instance of the service ourselves. The cost of hosting, as well as the time to ensure data has appropriate backups, gives this service a high maintenance cost and overhead.
+HashiCorp Vault is an open-source secret management solution. In order to use it we would have to host and manage an instance of the service ourselves. The cost of hosting, as well as the time to ensure data has appropriate backups, gives this service a high maintenance cost and overhead.

source/documentation/adrs/007-use-prometheus-and-grafana-for-metrics-alerting.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 007 - Use Prometheus and Grafana for metrics and alerting
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -33,4 +33,4 @@ Use [Prometheus](https://prometheus.io/) for metrics and [Grafana](https://grafa
 - Prometheus [Exporters](https://prometheus.io/docs/instrumenting/exporters/) allow collection of metrics from network devices using [SNMP](https://github.com/prometheus/snmp_exporter), as well as the many [native](https://prometheus.io/docs/instrumenting/exporters/#software-exposing-prometheus-metrics) applications
 - Grafana to visualise a [wide variety](https://grafana.com/docs/grafana/latest/datasources/) of sources.
 - Grafana can send notifications when a custom metric thresholds. Can be easily integrated into Slack (when availble ServiceNow)
-- Can be deployed into our existing CI/CD pipelines used for DHCP/DNS.
+- Can be deployed into our existing CI/CD pipelines used for DHCP/DNS.

source/documentation/adrs/008-use-aws-elastic-container-registry.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 008 - Use AWS Elastic Container Registry
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -22,4 +22,4 @@ Created issue [here](https://github.com/ministryofjustice/nvvs-devops/issues/96)
 ## Decision
 
 We will use AWS Elastic Container Registry to store our images.
-- It integrates with CodePipelines and existing workflows and will remove the limits we have been hitting..
+- It integrates with CodePipelines and existing workflows and will remove the limits we have been hitting..

source/documentation/adrs/009-use-aws-sso-for-aws-account-access.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 009 - Use AWS SSO for AWS Account Access
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -14,13 +14,13 @@ Date: 2021-05-01
 
 ## Context
 
-We need to use Single Sign On to access all our AWS accounts. 
+We need to use Single Sign On to access all our AWS accounts.
 We currently use AzureAD for securing access to many of our services.
 
 ## Decision
 
 We will use the [Modernisation Platforms](https://github.com/ministryofjustice/modernisation-platform) implementation of  [AWS Single Sign On](https://user-guide.modernisation-platform.service.justice.gov.uk/concepts/environments/single-sign-on.html#single-sign-on). It is being used by many teams already so means less development time forour growing team. It does require the use of a MoJ Org GitHub account, but that requirement only further facilitates using [infrastructure as code](https://en.wikipedia.org/wiki/Infrastructure_as_code) within our AWS accounts.
 
-### Alternative Considerations: 
+### Alternative Considerations:
 #### AzureAD
-AzureAD is currently managed externally, this means that automating user and groups is not possible which limits its potential.
+AzureAD is currently managed externally, this means that automating user and groups is not possible which limits its potential.

source/documentation/adrs/010-use-aws-eks-for-monitoring-infrastructure.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 010 - Use AWS EKS for monitoring infrastructure
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---
 
@@ -13,20 +13,20 @@ Date: 2021-03-22
 
 ## Context
 
-The infrastructure monitoring and alerting platform consists of several services deployed as docker containers. So far these containers have been running on ECS via Fargate, chosen because of the relative ease with which it allows us to get instances provisioned. 
+The infrastructure monitoring and alerting platform consists of several services deployed as docker containers. So far these containers have been running on ECS via Fargate, chosen because of the relative ease with which it allows us to get instances provisioned.
 
-As the solution has grown, and the interactions between new services have become more complex, we have found that we are running up against Fargate's limitations and require finer-grained control over our deployments. 
+As the solution has grown, and the interactions between new services have become more complex, we have found that we are running up against Fargate's limitations and require finer-grained control over our deployments.
 
 Kubernetes is the industry standard platform for orchestrating and running container based workloads and provides considerably more flexibility in comparison to ECS and Fargate.
 
- 
+
 ## Decision
 
 Starting with Prometheus and Thanos, we are migrating our services over to AWS's managed Kubernetes offering - [Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/).
 
 ## Consequences
 
-While it has the potential to be more complicated due to its increased flexibility, we believe that in the long run, Kubernetes will simplify the operation, maintenance, and improvement of the IMA platform. 
+While it has the potential to be more complicated due to its increased flexibility, we believe that in the long run, Kubernetes will simplify the operation, maintenance, and improvement of the IMA platform.
 It offers several advantages over Fargate:
 
 - Better networking support out of the box enabling:
@@ -36,6 +36,6 @@ It offers several advantages over Fargate:
   - faster development cycle
   - Simpler and clearer configuration
   - Less reliance on specific infrastructure (could conceivably run on any Kubernetes cluster, regardless of the provider)
-  - Reduced overall costs as the team can share the same development Kubernetes cluster 
+  - Reduced overall costs as the team can share the same development Kubernetes cluster
 - More aligned with common DevOps approaches in wider industry
-- The infrastructure will be ready to migrate to another hosting platform like Cloud Platform in the future. ([see issue here](https://github.com/ministryofjustice/cloud-platform/issues/3454))
+- The infrastructure will be ready to migrate to another hosting platform like Cloud Platform in the future. ([see issue here](https://github.com/ministryofjustice/cloud-platform/issues/3454))

source/documentation/adrs/011-use-github-actions-for-ci-cd.html.md.erb

@@ -1,7 +1,7 @@
 ---
 owner_slack: "#nvvs-devops"
 title: 011 - Use GitHub Actions for CI/CD
-last_reviewed_on: 2023-04-11
+last_reviewed_on: 2023-10-20
 review_in: 6 months
 ---