Create DynamoDB resources (and other template files) for deed service (…

…#1)

* Create DynamoDB resources for deed service

Example bash script to test:
```sh
export AWS_ACCESS_KEY_ID=X
export AWS_SECRET_ACCESS_KEY=X

aws --endpoint-url http://localhost:8030 dynamodb put-item --table-name=events --item='{"uid":{"S":"2134"},"created":{"S":"2023-08-23T11:30:40Z"},"event_type":{"S":"CHANGE_ADDRESS"}}'
aws --endpoint-url http://localhost:8030 dynamodb put-item --table-name=events --item='{"uid":{"S":"2134"},"created":{"S":"2023-08-21T12:30:40Z"},"event_type":{"S":"SEVER_RESTRICTIONS"}}'

aws --endpoint-url http://localhost:8030 dynamodb get-item --table-name=events --key='{"uid":{"S":"2134"},"created":{"S":"2023-08-21T12:30:40Z"}}'

aws --endpoint-url http://localhost:8030 dynamodb query --table-name=events --key-condition-expression 'uid = :uid AND created BETWEEN :start and :end' --expression-attribute-values '{":uid":{"S": "2134"},":start":{"S":"2023-08-23"},":end":{"S":"2023-08-24"}}'
aws --endpoint-url http://localhost:8030 dynamodb query --table-name=events --key-condition-expression 'uid = :uid' --filter-expression='event_type = :type' --expression-attribute-values '{":uid":{"S": "2134"},":type":{"S":"CHANGE_ADDRESS"}}'

aws --endpoint-url http://localhost:8030 dynamodb query --table-name=events --key-condition-expression 'uid = :uid' --expression-attribute-values '{":uid":{"S": "2134"}}' --scan-index-forward
```

Fixes VEGA-1941 #minor

* Add repository template files

- ADRs
- DSL diagrams
- Documentation
- Pre-commit and prettier

.adr-dir

@@ -0,0 +1 @@
+docs/architecture/decisions

.github/workflows/validate-api.yaml

@@ -0,0 +1,22 @@
+name: Validate OpenAPI spec
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+jobs:
+  validate:
+    name: Validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v3
+        with:
+          node-version: lts/*
+      - run: npx @redocly/cli lint ./docs/openapi/openapi.yaml --skip-rule no-empty-servers

.gitignore

@@ -0,0 +1,19 @@
+# OS
+.DS_STORE
+#  terraform
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+*.tfvars
+secrets.auto.tfvars
+# editors
+.vscode/
+.idea
+*.iml
+# envs
+.env
+venv/
+env/
+# structurizr
+.structurizr
+docs/architecture/dsl/**/workspace.json

.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.27.0
+    hooks:
+      - id: terraform_fmt
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+  - repo: https://github.com/awslabs/git-secrets
+    rev: master
+    hooks:
+      - id: git-secrets
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.8.4
+    hooks:
+      - id: gitleaks

.prettierrc.json

@@ -0,0 +1 @@
+{}

CODEOWNERS

@@ -0,0 +1 @@
+*       @ministryofjustice/sirius

CODE_OF_CONDUCT.md

@@ -0,0 +1,88 @@
+# Code of conduct for `ministryofjustice`
+
+Contributors to repositories hosted in `ministryofjustice` are expected to
+follow the Contributor Covenant Code of
+Conduct, and those working within Government are also expected to follow the Civil Service Code
+
+## Civil Service Code
+
+The [Civil Service Code](https://www.gov.uk/government/publications/civil-service-code/the-civil-service-code)
+
+## Contributor Covenant Code of Conduct
+
+> Note:
+> * where the code of conduct says "project" we mean the Ministry of Justice, `@ministryofjustice` and all repositories hosted within it.
+> * where the code of conduct says "maintainer" we mean `@ministryofjustice` organisation owners
+> * where the code of conduct says "leadership" we mean both `@ministryofjustice` organisation owners, line managers, and other leadership within the Ministry of Justice
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Crown copyright (Ministry of Justice)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,36 @@
+SHELL = '/bin/bash'
+export AWS_ACCESS_KEY_ID ?= X
+export AWS_SECRET_ACCESS_KEY ?= X
+
+build:
+  # Nothing to build yet
+
+up:
+	docker-compose up -d
+
+down:
+	docker-compose down
+
+create-tables:
+	aws --endpoint-url http://localhost:8030 dynamodb create-table \
+		--no-cli-pager \
+		--table-name deeds \
+		--attribute-definitions AttributeName=uid,AttributeType=S \
+		--key-schema AttributeName=uid,KeyType=HASH \
+		--billing-mode PAY_PER_REQUEST
+
+	aws --endpoint-url http://localhost:8030 dynamodb create-table \
+		--no-cli-pager \
+		--table-name events \
+		--attribute-definitions AttributeName=uid,AttributeType=S AttributeName=created,AttributeType=S \
+		--key-schema AttributeName=uid,KeyType=HASH AttributeName=created,KeyType=RANGE \
+		--billing-mode PAY_PER_REQUEST
+
+run-structurizr:
+	docker pull structurizr/lite
+	docker run -it --rm -p 4080:8080 -v $(PWD)/docs/architecture/dsl/local:/usr/local/structurizr structurizr/lite
+
+run-structurizr-export:
+	docker pull structurizr/cli:latest
+	docker run --rm -v $(PWD)/docs/architecture/dsl/local:/usr/local/structurizr structurizr/cli \
+	export -workspace /usr/local/structurizr/workspace.dsl -format mermaid

README.md

@@ -1,2 +1,3 @@
 # opg-data-lpa-deed
+
 LPA deed service: Managed by opg-org-infra & Terraform

docker-compose.yml

@@ -0,0 +1,7 @@
+version: "3.6"
+
+services:
+  ddb:
+    image: amazon/dynamodb-local:latest
+    ports:
+      - 8030:8000

docs/architecture/decisions/0001-record-architecture-decisions.md

@@ -0,0 +1,19 @@
+# 1. Record architecture decisions
+
+Date: 2023-08-23
+
+## Status
+
+Accepted
+
+## Context
+
+We need to record the architectural decisions made on this project.
+
+## Decision
+
+We will use Architecture Decision Records, as [described by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions).
+
+## Consequences
+
+See Michael Nygard's article, linked above. For a lightweight ADR toolset, see Nat Pryce's [adr-tools](https://github.com/npryce/adr-tools).

docs/architecture/dsl/README.md

@@ -0,0 +1,22 @@
+# C4 Models via Structurizr
+
+## Purpose
+
+To provide an up to date Diagram as Code C4 Model of our application model to maintain a overview of the structure.
+
+This should be updated as changes to the application occur and can be used to plan future iterations of the application structure.
+
+## Instructions
+
+The local folder contains Diagrams as Code that can be run with the following commands.
+
+### To run in browser locally
+
+- Run `make run-structurizr`
+- Open a browser to [http://localhost:8080](http://localhost:8080)
+- Open the workspace.dsl file and edit
+- Every 2 seconds the website will check for updates and refresh if changes are detected
+
+### To export Mermaid files
+
+- Run `make run-structurizr-export`

docs/architecture/dsl/local/lpaDeedService.dsl

@@ -0,0 +1,13 @@
+lpaDeedService = softwareSystem "LPA Deed Service" "Stores deeds and manages changes to them" {
+    database = container "Database" "Stores deeds and events" "DynamoDB" "Database"
+    lambda = container "Lambda" "Executes code for storing, updating and retrieving deeds" "AWS Lambda, Go" "Component" {
+        -> database "Queries and writes to"
+    }
+    iam = container "IAM" "Manages permissions to API Gateway" "AWS IAM" "Component"
+    certificateManager = container "Certificate Manager" "Generate a valid cert for SSL connectivity to the API" "AWS Certificate Manager" "Component"
+    dns = container "DNS" "Generate a friendly DNS Name for the API" "AWS Route 53" "Component"
+    apiGateway = container "API Gateway" "Provides a REST API for communication to the service." "AWS API Gateway v2, OpenAPI" "Component" {
+        -> lambda "Forwards requests to and Returns responses from"
+        -> iam "Validates requests"
+    }
+}

docs/architecture/dsl/local/workspace.dsl

@@ -0,0 +1,43 @@
+workspace {
+    model {
+        !include https://raw.githubusercontent.com/ministryofjustice/opg-technical-guidance/main/dsl/poas/persons.dsl
+                !include https://raw.githubusercontent.com/ministryofjustice/opg-modernising-lpa/main/docs/architecture/dsl/local/makeRegisterSoftwareSystem.dsl
+        !include lpaDeedService.dsl
+        lpaCaseManagement = softwareSystem "LPA Case Management" "PKA Sirius." "Existing System" {
+            -> apiGateway "Gets deeds from and sends updates to"
+        }
+
+        ualpa_SoftwareSystem = softwareSystem "Use A Lasting Power of Attorney" "Allows LPA Actors to retrieve and share LPAs with People and Organisations interested in LPAs" "Existing System" {
+            -> apiGateway "Gets deeds from"
+        }
+
+        makeRegisterSoftwareSystem -> apiGateway "Sends deeds to"
+    }
+
+    views {
+        systemContext lpaDeedService "SystemContext" {
+            include *
+            autoLayout
+        }
+
+        container lpaDeedService {
+            include *
+            autoLayout
+        }
+
+        theme default
+
+        styles {
+            element "Existing System" {
+                background #999999
+                color #ffffff
+            }
+            element "Web Browser" {
+                shape WebBrowser
+            }
+            element "Database" {
+                shape Cylinder
+            }
+        }
+    }
+}

docs/openapi/openapi.yaml

@@ -0,0 +1,17 @@
+openapi: "3.0.2"
+info:
+  title: LPA Deed Service
+  version: "1.0"
+  license:
+    name: MIT
+    url: https://opensource.org/licenses/MIT
+servers:
+  - url: https://lpa-deed.api.opg.service.justice.gov.uk
+    description: Production
+  - url: https://preproduction.lpa-deed.api.opg.service.justice.gov.uk
+    description: Preproduction
+  - url: https://development.lpa-deed.api.opg.service.justice.gov.uk
+    description: Development
+security:
+  - {}
+paths: {}

metadata.json

@@ -0,0 +1,5 @@
+{
+  "$schema": "https://raw.githubusercontent.com/ministryofjustice/opg-repository-reporting/main/schema/v0.0.1.json",
+  "owners": ["vega"],
+  "dependencies": []
+}

renovate.json

@@ -0,0 +1,40 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "branchPrefix": "renovate-",
+  "commitMessageAction": "Renovate Update",
+  "labels": [
+    "Dependencies",
+    "Renovate"
+  ],
+  "packageRules": [
+    {
+      "automerge": true,
+      "groupName": "Patch & Minor Updates",
+      "groupSlug": "all-minor-patch-updates",
+      "matchPackagePatterns": [
+        "*"
+      ],
+      "matchUpdateTypes": [
+        "minor",
+        "patch"
+      ],
+      "stabilityDays": 3,
+      "prPriority": 4
+    }
+  ],
+  "major": {
+    "automerge": false,
+    "stabilityDays": 3,
+    "prPriority": 0
+  },
+  "vulnerabilityAlerts": {
+    "groupName": "Security Alerts",
+    "rangeStrategy": "update-lockfile",
+    "commitMessagePrefix": "[SECURITY]",
+    "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
+    "prPriority": 5
+  }
+}