From f9560757ecbc5e85b78ef1c98d60fab33f63f332 Mon Sep 17 00:00:00 2001 From: Jack Plowman Date: Fri, 20 Oct 2023 08:47:55 +0100 Subject: [PATCH] Update terraform variables --- .github/workflows/code-quality.yml | 4 +- Makefile | 44 +------ build/automation/var/project.mk | 34 ++++-- infrastructure/stacks/application/iam.tf | 2 +- infrastructure/stacks/application/lambda.tf | 97 ++++++++-------- infrastructure/stacks/application/outputs.tf | 19 +++- infrastructure/stacks/application/sns.tf | 15 ++- infrastructure/stacks/application/sqs.tf | 48 ++++---- .../stacks/application/variables.tf | 107 +++++++++++++----- .../shared-resources/parameter-store.tf | 2 +- .../stacks/shared-resources/variables.tf | 2 +- 11 files changed, 209 insertions(+), 165 deletions(-) diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index c1c71ba96..f2cc34db7 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -33,10 +33,10 @@ jobs: with: projectBaseDir: . args: > - -Dsonar.sources=application,deployment,infrastructure,scripts,test,build/docker + -Dsonar.sources=application,infrastructure,scripts,test,build/docker -Dsonar.organization=nhsd-exeter -Dsonar.projectKey=uec-dos-int - -Dsonar.coverage.exclusions=tests/**,**/tests/**,deployment,infrastructure,application/dos_db_handler/**,test/**,scripts/**,application/conftest.py + -Dsonar.coverage.exclusions=tests/**,**/tests/**,infrastructure,application/dos_db_handler/**,test/**,scripts/**,application/conftest.py -Dsonar.python.coverage.reportPaths=coverage.xml -Dsonar.python.version=3.11 -Dsonar.exclusions=application/**/tests/** diff --git a/Makefile b/Makefile index e060032e2..61098afef 100644 --- a/Makefile +++ b/Makefile 
@@ -46,9 +46,9 @@ build-and-deploy: # Builds and Deploys whole project - mandatory: PROFILE populate-deployment-variables: echo "unset AWS_PROFILE" DEPLOYMENT_SECRETS=$$(make -s secret-get-existing-value NAME=$(DEPLOYMENT_SECRETS)) - echo "export SLACK_WEBHOOK_URL=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SLACK_WEBHOOK_SECRET_KEY)')" - echo "export PROJECT_SYSTEM_EMAIL_ADDRESS=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SYSTEM_EMAIL_KEY)')" - echo "export PROJECT_TEAM_EMAIL_ADDRESS=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(TEAM_EMAIL_KEY)')" + echo "export TF_VAR_slack_webhook_url=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SLACK_WEBHOOK_SECRET_KEY)')" + echo "export TF_VAR_project_system_email_address=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SYSTEM_EMAIL_KEY)')" + echo "export TF_VAR_project_team_email_address=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(TEAM_EMAIL_KEY)')" echo "export TF_VAR_service_category=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SERVICE_CATEGORY_KEY)')" echo "export TF_VAR_data_classification=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(DATA_CLASSIFICATION_KEY)')" echo "export TF_VAR_distribution_list=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(DISTRIBUTION_LIST_KEY)')" 
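Review bot: The three renamed `echo "export TF_VAR_…=$$(… | jq -r …)"` lines emit the secret values unquoted, so if this target's output is evaluated by a shell (the `export` form suggests it is), a value containing spaces, `&` or `;` would be split or interpreted rather than assigned. Letting jq do the quoting closes that, e.g. `echo "export TF_VAR_slack_webhook_url=$$(echo $$DEPLOYMENT_SECRETS | jq -r '.$(SLACK_WEBHOOK_SECRET_KEY) | @sh')"`; the same applies to the two e-mail address lines and to the unchanged `TF_VAR_service_category` lines below them. A key missing from the secret also makes `jq -r` print the string `null`, which would then be exported as the value. Because the recipe prints the webhook URL to stdout, confirm that no caller runs it where output is captured in build logs. The recipe may continue beyond the hunk.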
@@ -480,39 +480,6 @@ tag-commit-to-rollback-blue-green-environment: # Tags commit to rollback blue/gr commit-date-hash-tag: echo "$(BUILD_COMMIT_DATETIME)-$(BUILD_COMMIT_HASH)" -check-ecr-image-tag-exist: ### Check image with tag exists in ECR - mandatory: REPO=[repository name],TAG=[string to match tag of an image] - if [ $$(aws ecr batch-get-image --repository-name $(REPO) --image-ids imageTag=$(TAG) --registry-id=$(AWS_ACCOUNT_ID_MGMT) | jq '.images | length') == 1 ]; - then - echo true - else - echo false - fi - -check-ecr-lambda-images-exist-for-tag: ### Check all lambda images with given tag exist in ECR - mandatory: TAG=[string to match tag of an image] - for IMAGE_NAME in $$(echo $(PROJECT_LAMBDAS_LIST) | tr "," "\n"); do - IMAGE_STATUS=$$(make check-ecr-image-tag-exist REPO=uec-dos/int/$$IMAGE_NAME) - if [[ "$$IMAGE_STATUS" == "false" ]]; then - echo false - exit - fi - done - echo true - -wait-for-ecr-lambda-images-to-exist-for-tag: ### Wait for lambda images to exist with given tag in ECR or timeout - mandatory: TAG=[string to match tag of an image] - TIMEOUT=600 - START_TS=$$(date +%s) - echo "Checking lambda images are ready.." - while [ $$(make check-ecr-lambda-images-exist-for-tag) == "false" ]; do - ELAPSED_TIME=$$(expr $$(date +%s) - $$START_TS ) - if [ "$$ELAPSED_TIME" -gt "$$TIMEOUT" ]; then - echo "Failed to find Lambda images in given timeout $$TIMEOUT secs" - exit 1 - fi - echo "..Lambda images not ready, waiting 10 second before checking again.." - sleep 10 - done - echo "..Lambda images ready" - docker-run-tester: ### Run python container - mandatory: CMD; optional: SH=true,DIR,ARGS=[Docker args],LIB_VOLUME_MOUNT=true,VARS_FILE=[Makefile vars file],IMAGE=[image name],CONTAINER=[container name] make docker-config > /dev/null 2>&1 mkdir -p $(TMP_DIR)/.python/pip/{cache,packages} 
@@ -553,8 +520,7 @@ docker-run-ruff: # Runs ruff tests - mandatory: RUFF_OPTS=[options] python-ruff-fix: # Auto fixes ruff warnings make docker-run-ruff RUFF_OPTS="--fix" +# ============================================================================== + .SILENT: docker-run-ruff \ commit-date-hash-tag \ - check-ecr-image-tag-exist \ - wait-for-ecr-lambda-images-to-exist-for-tag \ - check-ecr-lambda-images-exist-for-tag diff --git a/build/automation/var/project.mk b/build/automation/var/project.mk index db4d65f9d..01b93c209 100644 --- a/build/automation/var/project.mk +++ b/build/automation/var/project.mk @@ -135,7 +135,7 @@ TF_VAR_blue_green_deployment_current_version_parameter_name := $(PROJECT_ID)-$(S # Parameter Store (Application) PHARMACY_FIRST_PHASE_ONE_PARAMETER := $(PROJECT_ID)-$(SHARED_ENVIRONMENT)-pharmacy-first-phase-one -TF_VAR_pharmacy_first_phase_one_parameter_name := $(PHARMACY_FIRST_PHASE_ONE_PARAMETER) +TF_VAR_pharmacy_first_phase_one_parameter:= $(PHARMACY_FIRST_PHASE_ONE_PARAMETER) # WAF TF_VAR_waf_enabled := $(WAF_ENABLED) 
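Review bot: After the three ECR entries are removed, the `.SILENT` list ends on `commit-date-hash-tag \`, leaving a line continuation with nothing after it. As far as the hunk shows, this is now the last line of the Makefile, so anything appended later would be absorbed into the `.SILENT` prerequisites; drop the trailing backslash so the last entry reads `commit-date-hash-tag`. The rest of the file is outside the hunk.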
@@ -181,16 +181,27 @@ TF_VAR_slack_messenger := $(SLACK_MESSENGER) TF_VAR_quality_checker := $(QUALITY_CHECKER) # Lambda names -TF_VAR_change_event_dlq_handler_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(CHANGE_EVENT_DLQ_HANDLER) -TF_VAR_dos_db_handler_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(DOS_DB_HANDLER) -TF_VAR_dos_db_update_dlq_handler_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(DOS_DB_UPDATE_DLQ_HANDLER) -TF_VAR_event_replay_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(EVENT_REPLAY) -TF_VAR_ingest_change_event_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(INGEST_CHANGE_EVENT) -TF_VAR_send_email_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SEND_EMAIL) -TF_VAR_service_matcher_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SERVICE_MATCHER) -TF_VAR_service_sync_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SERVICE_SYNC) -TF_VAR_slack_messenger_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SLACK_MESSENGER) -TF_VAR_quality_checker_lambda := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(QUALITY_CHECKER) +CHANGE_EVENT_DLQ_HANDLER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(CHANGE_EVENT_DLQ_HANDLER) +DOS_DB_HANDLER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(DOS_DB_HANDLER) +DOS_DB_UPDATE_DLQ_HANDLER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(DOS_DB_UPDATE_DLQ_HANDLER) +EVENT_REPLAY_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(EVENT_REPLAY) +INGEST_CHANGE_EVENT_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(INGEST_CHANGE_EVENT) +SEND_EMAIL_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SEND_EMAIL) +SERVICE_MATCHER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SERVICE_MATCHER) +SERVICE_SYNC_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SERVICE_SYNC) +SLACK_MESSENGER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(SLACK_MESSENGER) +QUALITY_CHECKER_LAMBDA := $(PROJECT_ID)-$(BLUE_GREEN_ENVIRONMENT)-$(QUALITY_CHECKER) + 
+TF_VAR_change_event_dlq_handler_lambda := $(CHANGE_EVENT_DLQ_HANDLER_LAMBDA) +TF_VAR_dos_db_handler_lambda := $(DOS_DB_HANDLER_LAMBDA) +TF_VAR_dos_db_update_dlq_handler_lambda := $(DOS_DB_UPDATE_DLQ_HANDLER_LAMBDA) +TF_VAR_event_replay_lambda := $(EVENT_REPLAY_LAMBDA) +TF_VAR_ingest_change_event_lambda := $(INGEST_CHANGE_EVENT_LAMBDA) +TF_VAR_send_email_lambda := $(SEND_EMAIL_LAMBDA) +TF_VAR_service_matcher_lambda := $(SERVICE_MATCHER_LAMBDA) +TF_VAR_service_sync_lambda := $(SERVICE_SYNC_LAMBDA) +TF_VAR_slack_messenger_lambda := $(SLACK_MESSENGER_LAMBDA) +TF_VAR_quality_checker_lambda := $(QUALITY_CHECKER_LAMBDA) # Lambda Versions TF_VAR_change_event_dlq_handler_version := $(or $(CHANGE_EVENT_DLQ_HANDLER_VERSION), $(VERSION)) @@ -230,6 +241,7 @@ TF_VAR_service_sync_max_concurrency := $(SERVICE_SYNC_MAX_CONCURRENCY) # Lambda Variables TF_VAR_log_level := $(LOG_LEVEL) TF_VAR_lambda_powertools_service_name := $(PROGRAMME)-$(TEAM_ID)-$(PROFILE)-$(BLUE_GREEN_ENVIRONMENT) +TF_VAR_slack_alert_channel := $(SLACK_ALERT_CHANNEL) TF_VAR_dos_db_cluster_name := $(DB_CLUSTER_NAME) TF_VAR_dos_db_writer_name := $(DB_WRITER_NAME) TF_VAR_dos_db_reader_name := $(DB_READER_NAME) diff --git a/infrastructure/stacks/application/iam.tf b/infrastructure/stacks/application/iam.tf index 106a39d0c..3e406a7d8 100644 --- a/infrastructure/stacks/application/iam.tf +++ b/infrastructure/stacks/application/iam.tf @@ -312,7 +312,7 @@ data "aws_iam_policy_document" "service_matcher_policy" { "ssm:GetParameter", ] resources = [ - "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${var.pharmacy_first_phase_one_parameter_name}", + "arn:aws:ssm:${var.aws_region}:${var.aws_account_id}:parameter/${var.pharmacy_first_phase_one_parameter}", ] } diff --git a/infrastructure/stacks/application/lambda.tf b/infrastructure/stacks/application/lambda.tf index 87ce58fb6..a08177355 100644 --- a/infrastructure/stacks/application/lambda.tf +++ b/infrastructure/stacks/application/lambda.tf 
@@ -72,7 +72,7 @@ module "dos_db_handler_lambda" { "POWERTOOLS_TRACER_CAPTURE_ERROR" = true "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level - "IMAGE_VERSION" = var.change_event_dlq_handler_version + "IMAGE_VERSION" = var.dos_db_handler_version "DB_NAME" = var.dos_db_name "DB_PORT" = var.dos_db_port "DB_READ_ONLY_USER_NAME" = var.dos_db_read_only_user_name_secret_name @@ -81,8 +81,8 @@ module "dos_db_handler_lambda" { "DB_READER_SERVER" = var.dos_db_reader_route_53 "DB_WRITER_SERVER" = var.dos_db_writer_route_53 "DB_SCHEMA" = var.dos_db_schema - "DB_WRITER_SECRET_KEY" = var.dos_db_writer_secret_name - "DB_WRITER_SECRET_NAME" = var.dos_db_writer_secret_key + "DB_WRITER_SECRET_NAME" = var.dos_db_writer_secret_name + "DB_WRITER_SECRET_KEY" = var.dos_db_writer_secret_key "DB_READ_AND_WRITE_USER_NAME" = var.dos_db_read_and_write_user_name } } @@ -119,7 +119,7 @@ module "dos_db_update_dlq_handler_lambda" { "POWERTOOLS_TRACER_CAPTURE_ERROR" = true "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level - "IMAGE_VERSION" = var.change_event_dlq_handler_version + "IMAGE_VERSION" = var.dos_db_update_dlq_handler_version } } @@ -157,6 +157,7 @@ module "event_replay_lambda" { "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.event_replay_version "CHANGE_EVENTS_TABLE_NAME" = var.change_events_table_name + "CHANGE_EVENT_SQS_NAME" = var.holding_queue } } @@ -195,6 +196,7 @@ module "ingest_change_event_lambda" { "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.ingest_change_event_version "CHANGE_EVENTS_TABLE_NAME" = var.change_events_table_name + "HOLDING_QUEUE_URL" = aws_sqs_queue.holding_queue.url } } 
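Review bot: `"CHANGE_EVENT_SQS_NAME" = var.holding_queue` in the event_replay module passes the queue name from an input variable, while the ingest_change_event hunk right after it takes `HOLDING_QUEUE_URL` from the resource (`aws_sqs_queue.holding_queue.url`). Reading the name from the resource as well, `"CHANGE_EVENT_SQS_NAME" = aws_sqs_queue.holding_queue.name`, keeps both Lambdas pointed at the same queue if the resource's naming ever changes and gives Terraform the dependency on the queue. This assumes the queue is named from `var.holding_queue`, which is not visible here. Both module blocks start and end outside their hunks.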
@@ -233,9 +235,9 @@ module "send_email_lambda" { "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.send_email_version - "AWS_ACCOUNT_NAME" = "AWS_ACCOUNT_NAME" - "SYSTEM_EMAIL_ADDRESS" = "PROJECT_SYSTEM_EMAIL_ADDRESS" - "EMAIL_SECRET_NAME" = "PROJECT_DEPLOYMENT_SECRETS" + "AWS_ACCOUNT_NAME" = var.aws_account_name + "SYSTEM_EMAIL_ADDRESS" = var.project_system_email_address + "EMAIL_SECRET_NAME" = var.project_deployment_secrets } } @@ -277,16 +279,16 @@ module "service_matcher_lambda" { "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.service_matcher_version - "CHANGE_EVENTS_TABLE_NAME" = "TF_VAR_change_events_table_name" - "UPDATE_REQUEST_QUEUE_URL" = "update_request_queue_url" - "DB_NAME" = "DB_NAME" - "DB_PORT" = "DB_PORT" - "DB_READ_ONLY_USER_NAME" = "DB_READ_ONLY_USER_NAME" - "DB_READER_SECRET_NAME" = "DB_READER_SECRET_NAME" - "DB_READER_SECRET_KEY" = "DB_READER_SECRET_KEY" - "DB_READER_SERVER" = "DB_READER_SERVER" - "DB_SCHEMA" = "DB_SCHEMA" - "PHARMACY_FIRST_PHASE_ONE_PARAMETER" = "PHARMACY_FIRST_PHASE_ONE_PARAMETER" + "UPDATE_REQUEST_QUEUE_URL" = aws_sqs_queue.update_request_queue.url + "DB_NAME" = var.dos_db_name + "DB_PORT" = var.dos_db_port + "DB_READ_ONLY_USER_NAME" = var.dos_db_read_only_user_name_secret_name + "DB_READER_SECRET_NAME" = var.dos_db_reader_secret_name + "DB_READER_SECRET_KEY" = var.dos_db_reader_secret_key + "DB_READER_SERVER" = var.dos_db_reader_route_53 + "DB_WRITER_SERVER" = var.dos_db_writer_route_53 + "DB_SCHEMA" = var.dos_db_schema + "PHARMACY_FIRST_PHASE_ONE_PARAMETER" = var.pharmacy_first_phase_one_parameter } } 
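Review bot: `"DB_READ_ONLY_USER_NAME" = var.dos_db_read_only_user_name_secret_name` in service_matcher feeds an environment variable named like a user name from the variable that holds a secret's name, although variables.tf in this commit also declares `dos_db_read_only_user_name`. The same mapping is repeated in the service_sync and quality_checker hunks. Since this commit corrects a swapped `DB_WRITER_SECRET_NAME`/`DB_WRITER_SECRET_KEY` pair in dos_db_handler, confirm which of the two the handlers expect and record it next to the entry, for example `# holds the secret name; the handler resolves the user name at runtime` if that is the case. The service_matcher block also now receives `DB_WRITER_SERVER` although it is given no writer secret; drop it if the handler does not read it. The module block starts and ends outside the hunk.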
@@ -328,23 +330,22 @@ module "service_sync_lambda" { "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.service_sync_version - "CHANGE_EVENTS_TABLE_NAME" = "TF_VAR_change_events_table_name" - "UPDATE_REQUEST_QUEUE_URL" = "update_request_queue_url" - "DB_NAME" = "DB_NAME" - "DB_PORT" = "DB_PORT" - "DB_READ_ONLY_USER_NAME" = "DB_READ_ONLY_USER_NAME" - "DB_READER_SECRET_NAME" = "DB_READER_SECRET_NAME" - "DB_READER_SECRET_KEY" = "DB_READER_SECRET_KEY" - "DB_READER_SERVER" = "DB_READER_SERVER" - "DB_WRITER_SERVER" = "DB_WRITER_SERVER" - "DB_SCHEMA" = "DB_SCHEMA" - "DB_WRITER_SECRET_KEY" = "DB_WRITER_SECRET_KEY" - "DB_WRITER_SECRET_NAME" = "DB_WRITER_SECRET_NAME" - "DB_READ_AND_WRITE_USER_NAME" = "DB_READ_AND_WRITE_USER_NAME" - "SEND_EMAIL_BUCKET_NAME" = "SEND_EMAIL_BUCKET_NAME" - "TEAM_EMAIL_ADDRESS" = "PROJECT_TEAM_EMAIL_ADDRESS" - "SYSTEM_EMAIL_ADDRESS" = "PROJECT_SYSTEM_EMAIL_ADDRESS" - "SEND_EMAIL_LAMBDA_NAME" = "TF_VAR_send_email_lambda_name" + "UPDATE_REQUEST_QUEUE_URL" = aws_sqs_queue.update_request_queue.url + "DB_NAME" = var.dos_db_name + "DB_PORT" = var.dos_db_port + "DB_READ_ONLY_USER_NAME" = var.dos_db_read_only_user_name_secret_name + "DB_READER_SECRET_NAME" = var.dos_db_reader_secret_name + "DB_READER_SECRET_KEY" = var.dos_db_reader_secret_key + "DB_READER_SERVER" = var.dos_db_reader_route_53 + "DB_WRITER_SERVER" = var.dos_db_writer_route_53 + "DB_SCHEMA" = var.dos_db_schema + "DB_WRITER_SECRET_NAME" = var.dos_db_writer_secret_name + "DB_WRITER_SECRET_KEY" = var.dos_db_writer_secret_key + "DB_READ_AND_WRITE_USER_NAME" = var.dos_db_read_and_write_user_name + "SEND_EMAIL_BUCKET_NAME" = var.send_email_bucket_name + "TEAM_EMAIL_ADDRESS" = var.project_team_email_address + "SYSTEM_EMAIL_ADDRESS" = var.project_system_email_address + "SEND_EMAIL_LAMBDA_NAME" = var.send_email_lambda } } 
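Review bot: `CHANGE_EVENTS_TABLE_NAME` is removed from the service_sync environment here (and from service_matcher in the preceding hunk) instead of being pointed at the variable, whereas every other placeholder string is replaced by a `var.` reference. If either handler still reads that variable it will fail at runtime rather than at plan time; in that case the entry should stay as `"CHANGE_EVENTS_TABLE_NAME" = var.change_events_table_name`, the form event_replay and ingest_change_event already use. The handler code is not part of this diff, so this is a check to make before merging. The module block starts and ends outside the hunk.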
@@ -381,9 +382,9 @@ module "slack_messenger_lambda" { "POWERTOOLS_TRACER_CAPTURE_ERROR" = true "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level - "IMAGE_VERSION" = var.service_sync_version - "SLACK_ALERT_CHANNEL" = "SLACK_ALERT_CHANNEL" - "SLACK_WEBHOOK_URL" = "SLACK_WEBHOOK_URL" + "IMAGE_VERSION" = var.slack_messenger_version + "SLACK_ALERT_CHANNEL" = var.slack_alert_channel + "SLACK_WEBHOOK_URL" = var.slack_webhook_url } } @@ -420,16 +421,16 @@ module "quality_checker_lambda" { "POWERTOOLS_TRACE_MIDDLEWARES" = true "LOG_LEVEL" = var.log_level "IMAGE_VERSION" = var.quality_checker_version - "DB_NAME" = "DB_NAME" - "DB_PORT" = "DB_PORT" - "DB_READ_ONLY_USER_NAME" = "DB_READ_ONLY_USER_NAME" - "DB_READER_SECRET_NAME" = "DB_READER_SECRET_NAME" - "DB_READER_SECRET_KEY" = "DB_READER_SECRET_KEY" - "DB_READER_SERVER" = "DB_READER_SERVER" - "DB_WRITER_SERVER" = "DB_WRITER_SERVER" - "DB_SCHEMA" = "DB_SCHEMA" - "DB_WRITER_SECRET_KEY" = "DB_WRITER_SECRET_KEY" - "DB_WRITER_SECRET_NAME" = "DB_WRITER_SECRET_NAME" - "DB_READ_AND_WRITE_USER_NAME" = "DB_READ_AND_WRITE_USER_NAME" + "DB_NAME" = var.dos_db_name + "DB_PORT" = var.dos_db_port + "DB_READ_ONLY_USER_NAME" = var.dos_db_read_only_user_name_secret_name + "DB_READER_SECRET_NAME" = var.dos_db_reader_secret_name + "DB_READER_SECRET_KEY" = var.dos_db_reader_secret_key + "DB_READER_SERVER" = var.dos_db_reader_route_53 + "DB_WRITER_SERVER" = var.dos_db_writer_route_53 + "DB_SCHEMA" = var.dos_db_schema + "DB_WRITER_SECRET_NAME" = var.dos_db_writer_secret_name + "DB_WRITER_SECRET_KEY" = var.dos_db_writer_secret_key + "DB_READ_AND_WRITE_USER_NAME" = var.dos_db_read_and_write_user_name } } diff --git a/infrastructure/stacks/application/outputs.tf b/infrastructure/stacks/application/outputs.tf index 5cb0fa4f4..f37111580 100644 --- a/infrastructure/stacks/application/outputs.tf +++ b/infrastructure/stacks/application/outputs.tf 
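Review bot: `"SLACK_WEBHOOK_URL" = var.slack_webhook_url` places the webhook URL, which the Makefile reads from the deployment secret, into the function's plaintext environment, where it is readable by anyone allowed to view the function configuration and is also recorded in the Terraform state. send_email in this same file is given only `EMAIL_SECRET_NAME` and presumably resolves the secret at runtime; passing the secret name and key to slack_messenger in the same way, e.g. `var.project_deployment_secrets` under an entry of its own, would keep the URL out of configuration and state. That requires a matching handler change and Secrets Manager read permission on the function's role, neither of which is visible in this diff. The module block starts and ends outside the hunk.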
@@ -1,5 +1,14 @@ -# output "lambda_versions" { -# value = { -# "change_event_dlq_handler" = aws_lambda_function.change_event_dlq_handler.version -# } -# } +output "lambda_versions" { + value = { + "change_event_dlq_handler" = var.change_event_dlq_handler_version + "dos_db_handler" = var.dos_db_handler_version + "dos_db_update_dlq_handler" = var.dos_db_update_dlq_handler_version + "event_replay" = var.event_replay_version + "ingest_change_event" = var.ingest_change_event_version + "send_email" = var.send_email_version + "service_matcher" = var.service_matcher_version + "service_sync" = var.service_sync_version + "slack_messenger" = var.slack_messenger_version + "quality_checker" = var.quality_checker_version + } +} diff --git a/infrastructure/stacks/application/sns.tf b/infrastructure/stacks/application/sns.tf index ffe9755e1..c971441b7 100644 --- a/infrastructure/stacks/application/sns.tf +++ b/infrastructure/stacks/application/sns.tf @@ -12,9 +12,10 @@ resource "aws_sns_topic_policy" "sns_topic_app_alerts_for_slack_policy_default_r } resource "aws_sns_topic_subscription" "sns_topic_app_alerts_for_slack_policy_default_region_target" { - topic_arn = aws_sns_topic.sns_topic_app_alerts_for_slack_default_region.arn - protocol = "lambda" - endpoint = module.slack_messenger_lambda.lambda_function_arn + topic_arn = aws_sns_topic.sns_topic_app_alerts_for_slack_default_region.arn + protocol = "lambda" + endpoint = module.slack_messenger_lambda.lambda_function_arn + depends_on = [aws_sns_topic.sns_topic_app_alerts_for_slack_default_region, aws_sns_topic_policy.sns_topic_app_alerts_for_slack_policy_default_region] } resource "aws_sns_topic" "sns_topic_app_alerts_for_slack_route53_health_check_alarm_region" { 
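Review bot: The `lambda_versions` output now returns the `var.*_version` inputs, so it reports what was requested rather than what was deployed; the commented-out original read the version from the function resource. If the output is meant as a deployment record, take the values from the modules instead, in the way sns.tf and sqs.tf already use `module.<name>_lambda.lambda_function_arn`; whether the module exposes a version output is not visible in this diff. Otherwise a `description = "Image versions requested for each Lambda (inputs, not deployed state)"` on the output would make the meaning explicit.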
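Review bot: The added `depends_on` lists `aws_sns_topic.sns_topic_app_alerts_for_slack_default_region`, which `topic_arn` already references, so that entry adds nothing; only the topic policy is a dependency Terraform cannot infer. `depends_on = [aws_sns_topic_policy.sns_topic_app_alerts_for_slack_policy_default_region]` is enough, and the same applies to the alarm-region subscription in the next hunk. That second subscription also gains `provider = aws.route53_health_check_alarm_region` while its endpoint is the same Lambda; a one-line comment stating which region the topic and the function live in would explain the asymmetry.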
@@ -33,7 +34,9 @@ resource "aws_sns_topic_policy" "sns_topic_app_alerts_for_slack_policy_alarm_reg } resource "aws_sns_topic_subscription" "sns_topic_app_alerts_for_slack_route53_health_check_alarm_region_target" { - topic_arn = aws_sns_topic.sns_topic_app_alerts_for_slack_route53_health_check_alarm_region.arn - protocol = "lambda" - endpoint = module.slack_messenger_lambda.lambda_function_arn + provider = aws.route53_health_check_alarm_region + topic_arn = aws_sns_topic.sns_topic_app_alerts_for_slack_route53_health_check_alarm_region.arn + protocol = "lambda" + endpoint = module.slack_messenger_lambda.lambda_function_arn + depends_on = [aws_sns_topic.sns_topic_app_alerts_for_slack_route53_health_check_alarm_region, aws_sns_topic_policy.sns_topic_app_alerts_for_slack_policy_alarm_region] } diff --git a/infrastructure/stacks/application/sqs.tf b/infrastructure/stacks/application/sqs.tf index 95c84af6e..f4ec7c08b 100644 --- a/infrastructure/stacks/application/sqs.tf +++ b/infrastructure/stacks/application/sqs.tf 
@@ -30,19 +30,19 @@ resource "aws_sqs_queue" "update_request_queue" { depends_on = [aws_sqs_queue.update_request_dlq] } -# resource "aws_lambda_event_source_mapping" "holding_queue_event_source_mapping" { -# batch_size = 1 -# event_source_arn = aws_sqs_queue.holding_queue.arn -# enabled = true -# function_name = data.aws_lambda_function.service_matcher.arn -# } +resource "aws_lambda_event_source_mapping" "holding_queue_event_source_mapping" { + batch_size = 1 + event_source_arn = aws_sqs_queue.holding_queue.arn + enabled = true + function_name = module.service_matcher_lambda.lambda_function_arn +} -# resource "aws_lambda_event_source_mapping" "update_request_event_source_mapping" { -# batch_size = 1 -# event_source_arn = aws_sqs_queue.update_request_queue.arn -# enabled = true -# function_name = data.aws_lambda_function.service_sync.arn -# } +resource "aws_lambda_event_source_mapping" "update_request_event_source_mapping" { + batch_size = 1 + event_source_arn = aws_sqs_queue.update_request_queue.arn + enabled = true + function_name = module.service_sync_lambda.lambda_function_arn +} resource "aws_sqs_queue" "holding_queue_dlq" { name = var.holding_queue_dlq 
@@ -58,16 +58,16 @@ resource "aws_sqs_queue" "update_request_dlq" { message_retention_seconds = 1209600 # 14 days } -# resource "aws_lambda_event_source_mapping" "holding_queue_dlq_event_source_mapping" { -# batch_size = 1 -# event_source_arn = aws_sqs_queue.holding_queue_dlq.arn -# enabled = true -# function_name = data.aws_lambda_function.change_event_dlq_handler.arn -# } +resource "aws_lambda_event_source_mapping" "holding_queue_dlq_event_source_mapping" { + batch_size = 1 + event_source_arn = aws_sqs_queue.holding_queue_dlq.arn + enabled = true + function_name = module.change_event_dlq_handler_lambda.lambda_function_arn +} -# resource "aws_lambda_event_source_mapping" "update_request_dlq_event_source_mapping" { -# batch_size = 1 -# event_source_arn = aws_sqs_queue.update_request_dlq.arn -# enabled = true -# function_name = data.aws_lambda_function.dos_db_update_dlq_handler.arn -# } +resource "aws_lambda_event_source_mapping" "update_request_dlq_event_source_mapping" { + batch_size = 1 + event_source_arn = aws_sqs_queue.update_request_dlq.arn + enabled = true + function_name = module.dos_db_update_dlq_handler_lambda.lambda_function_arn +} diff --git a/infrastructure/stacks/application/variables.tf b/infrastructure/stacks/application/variables.tf index 366b023d2..0bc1e2603 100644 --- a/infrastructure/stacks/application/variables.tf +++ b/infrastructure/stacks/application/variables.tf @@ -7,6 +7,11 @@ variable "docker_registry" { description = "Docker registry" } +variable "project_deployment_secrets" { + type = string + description = "Name of the project deployment secrets" +} + ############ # VPC ############ @@ -143,7 +148,7 @@ variable "send_email_bucket_name" { # # PARAMETER STORE # ############## -variable "pharmacy_first_phase_one_parameter_name" { +variable "pharmacy_first_phase_one_parameter" { type = string description = "The name of the parameter for the pharmacy first phase one feature flag" } 
@@ -393,12 +398,12 @@ variable "quality_checker_version" { variable "service_matcher_max_concurrency" { type = string - description = "" + description = "The maximum number of concurrent executions you want to reserve for the function." } variable "service_sync_max_concurrency" { type = string - description = "" + description = "The maximum number of concurrent executions you want to reserve for the function." } # ############## 
@@ -416,73 +421,121 @@ variable "log_level" { } variable "dos_db_reader_name" { - default = "" + type = string + description = "Name of the dos db reader" + default = "" } variable "dos_db_writer_route_53" { - default = "" + type = string + description = "Route 53 name of the dos db writer" + default = "" } variable "dos_db_reader_route_53" { - default = "" + type = string + description = "Route 53 name of the dos db reader" + default = "" } variable "dos_db_port" { - default = "" + type = string + description = "Port of the dos db" + default = "" } variable "dos_db_name" { - default = "" + type = string + description = "Name of the dos db" + default = "" } variable "dos_db_schema" { - default = "" + type = string + description = "Schema of the dos db" + default = "" } variable "dos_db_writer_security_group_name" { - default = "" + type = string + description = "Name of the dos db writer security group" + default = "" } variable "dos_db_reader_security_group_name" { - default = "" + type = string + description = "Name of the dos db reader security group" + default = "" } variable "dos_db_writer_secret_name" { - default = "" + type = string + description = "Name of the dos db writer secret" + default = "" } variable "dos_db_writer_secret_key" { - default = "" + type = string + description = "Key of the dos db writer secret" + default = "" } -# variable "dos_db_user_name_secret_name" { - -# } - -# variable "dos_db_user_name_secret_key" { - -# } - variable "dos_db_reader_secret_name" { - default = "" + type = string + description = "Name of the dos db reader secret" + default = "" } variable "dos_db_reader_secret_key" { - default = "" + type = string + description = "Key of the dos db reader secret" + default = "" } variable "dos_db_read_only_user_name_secret_name" { - default = "" + type = string + description = "Name of the dos db read only user name secret" + default = "" } variable "dos_db_read_only_user_name_secret_key" { - default = "" + type = string + 
description = "Key of the dos db read only user name secret" + default = "" } variable "dos_db_read_and_write_user_name" { - default = "" + type = string + description = "Name of the dos db read and write user name" + default = "" } variable "dos_db_read_only_user_name" { - default = "" + type = string + description = "Name of the dos db read only user name" + default = "" +} + +variable "project_system_email_address" { + type = string + description = "Email address of the project system" + default = "" +} + +variable "project_team_email_address" { + type = string + description = "Email address of the project team" + default = "" +} + +variable "slack_alert_channel" { + type = string + description = "The slack channel to send alerts to" + default = "" +} + +variable "slack_webhook_url" { + type = string + description = "The slack webhook url to send alerts to" + default = "" } diff --git a/infrastructure/stacks/shared-resources/parameter-store.tf b/infrastructure/stacks/shared-resources/parameter-store.tf index 5e3fec6b1..f567d2832 100644 --- a/infrastructure/stacks/shared-resources/parameter-store.tf +++ b/infrastructure/stacks/shared-resources/parameter-store.tf @@ -1,7 +1,7 @@ resource "aws_ssm_parameter" "pharmacy_first_phase_one_parameter" { #checkov:skip=CKV2_AWS_34:Value does not contain sensitive data so it is ok to be stored in plain text #checkov:skip=CKV_AWS_337:Allow parameter store to be used for storing non-sensitive data - name = var.pharmacy_first_phase_one_parameter_name + name = var.pharmacy_first_phase_one_parameter description = "The feature flag for pharamcy first phase one" type = "String" value = "True" diff --git a/infrastructure/stacks/shared-resources/variables.tf b/infrastructure/stacks/shared-resources/variables.tf index 353443fc7..db9bed989 100755 --- a/infrastructure/stacks/shared-resources/variables.tf +++ b/infrastructure/stacks/shared-resources/variables.tf 
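Review bot: The new `slack_webhook_url` variable carries a credential but is declared without `sensitive = true`, so its value can be printed in plan and apply output. It and `project_system_email_address`/`project_team_email_address` also default to `""`, which means a run in which the Makefile exports did not happen deploys the Lambdas with empty values instead of failing; removing `default = ""` from these three makes Terraform stop for the missing input. For `slack_webhook_url` the suggested change is `sensitive = true` in place of `default = ""`. The hunk's other `default = ""` lines predate this commit and only gain `type` and `description`.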
@@ -220,7 +220,7 @@ variable "aws_sso_role" { # # PARAMETER STORE # ############## -variable "pharmacy_first_phase_one_parameter_name" { +variable "pharmacy_first_phase_one_parameter" { type = string description = "The name of the parameter for the pharmacy first phase one feature flag" }