From b87b7c6f51cf2dec0b54e0a926f524ad0dc185bb Mon Sep 17 00:00:00 2001 From: Olivia Campbell Date: Wed, 31 Jan 2024 13:14:29 +0000 Subject: [PATCH 01/10] Update Container app module to v1.4.9 1.4.9 is the latest release for ACA module. Type of change [x ] Bug fix (non-breaking change which fixes an issue) Expected behaviour Dependency update that has bug fixes in for SQL Defender + Logging Add future scaling capability for containers --- terraform/README.md | 3 ++- terraform/container-apps-hosting.tf | 3 ++- terraform/locals.tf | 1 + terraform/variables.tf | 6 ++++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index e4faae404..04f836fa3 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -136,7 +136,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.4.7 | +| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.4.9 | | [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.3.0 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.2 | @@ -159,6 +159,7 @@ No resources. | [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no | | [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes | | [container\_health\_probe\_path](#input\_container\_health\_probe\_path) | Specifies the path that is used to determine the liveness of the Container | `string` | n/a | yes | +| [container\_scale\_http\_concurrency](#input\_container\_scale\_http\_concurrency) | When the number of concurrent HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the max-replicas amount. | `number` | `10` | no | | [container\_secret\_environment\_variables](#input\_container\_secret\_environment\_variables) | Container secret environment variables | `map(string)` | n/a | yes | | [dns\_ns\_records](#input\_dns\_ns\_records) | DNS NS records to add to the DNS Zone | 
map(
    object({
      ttl : optional(number, 300),
      records : list(string)
    })
  )
| n/a | yes | | [dns\_txt\_records](#input\_dns\_txt\_records) | DNS TXT records to add to the DNS Zone | 
map(
    object({
      ttl : optional(number, 300),
      records : list(string)
    })
  )
| n/a | yes | diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf index 11d3997c1..e4eeb32b2 100644 --- a/terraform/container-apps-hosting.tf +++ b/terraform/container-apps-hosting.tf @@ -1,5 +1,5 @@ module "azure_container_apps_hosting" { - source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.4.7" + source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.4.9" environment = local.environment project_name = local.project_name @@ -21,6 +21,7 @@ module "azure_container_apps_hosting" { image_name = local.image_name container_command = local.container_command container_secret_environment_variables = local.container_secret_environment_variables + container_scale_http_concurrency = local.container_scale_http_concurrency enable_cdn_frontdoor = local.enable_cdn_frontdoor cdn_frontdoor_forwarding_protocol = local.cdn_frontdoor_forwarding_protocol diff --git a/terraform/locals.tf b/terraform/locals.tf index fd048c93f..2fb6669b7 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -11,6 +11,7 @@ locals { image_name = var.image_name container_command = var.container_command container_secret_environment_variables = var.container_secret_environment_variables + container_scale_http_concurrency = var.container_scale_http_concurrency enable_cdn_frontdoor = var.enable_cdn_frontdoor enable_event_hub = var.enable_event_hub enable_logstash_consumer = var.enable_logstash_consumer diff --git a/terraform/variables.tf b/terraform/variables.tf index 6e027af94..8e13be295 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -77,6 +77,12 @@ variable "container_secret_environment_variables" { sensitive = true } +variable "container_scale_http_concurrency" { + description = "When the number of concurrent HTTP requests exceeds this value, then another replica is added. Replicas continue to add to the pool up to the max-replicas amount." + type = number + default = 10 +} + variable "enable_dns_zone" { description = "Conditionally create a DNS zone" type = bool From 650024fdc2202326fea2d958cbd332aee74eeed8 Mon Sep 17 00:00:00 2001 From: mikestock-nimble Date: Thu, 1 Feb 2024 11:37:06 +0000 Subject: [PATCH 02/10] 155067: integrated get construct projects with mfsp updated the api endpoint and contract added an app key --- TramsDataApi.Test/FakeApi/FakeMfspApi.cs | 31 +++++++++++---------- TramsDataApi.Test/integration_settings.json | 2 +- TramsDataApi/Configuration/MfspOptions.cs | 2 ++ TramsDataApi/Startup.cs | 1 + TramsDataApi/UseCases/GetAllFssProjects.cs | 4 +-- TramsDataApi/appsettings.json | 3 +- 6 files changed, 25 insertions(+), 18 deletions(-) diff --git a/TramsDataApi.Test/FakeApi/FakeMfspApi.cs b/TramsDataApi.Test/FakeApi/FakeMfspApi.cs index 1ccaa4563..511211581 100644 --- a/TramsDataApi.Test/FakeApi/FakeMfspApi.cs +++ b/TramsDataApi.Test/FakeApi/FakeMfspApi.cs @@ -14,26 +14,29 @@ public class FakeMfspApi public void Start() { - _server = new WebHostBuilder().UseKestrel(x => x.ListenLocalhost(5003)).Configure(app => + _server = new WebHostBuilder().UseKestrel(x => x.ListenLocalhost(6784)).Configure(app => { app.Run(async context => { - if (context.Request.Method == HttpMethods.Get && context.Request.Path == "/v2/fss/projects") + if (context.Request.Method == HttpMethods.Get && context.Request.Path == "/api/v1/construct/projects") { - var response = new List() + var response = new ApiResponseV2() { - new FssProjectResponse() + Data = new List() { - CurrentFreeSchoolName = "This is my free school", - AgeRange = "5-11", - ProjectStatus = "Open", - }, - new FssProjectResponse() - { - CurrentFreeSchoolName = "This is another free school", - AgeRange = "11-16", - ProjectStatus = "Open", - }, + new FssProjectResponse() + { + CurrentFreeSchoolName = "This is my free school", + AgeRange = "5-11", + ProjectStatus = "Open", + }, + new FssProjectResponse() + { + CurrentFreeSchoolName = "This is another free school", + AgeRange = "11-16", + ProjectStatus = "Open", + }, + } }; await context.Response.WriteAsJsonAsync(response); diff --git a/TramsDataApi.Test/integration_settings.json b/TramsDataApi.Test/integration_settings.json index ac08cff66..a550761f9 100644 --- a/TramsDataApi.Test/integration_settings.json +++ b/TramsDataApi.Test/integration_settings.json @@ -12,7 +12,7 @@ "DefaultConnection": "Server=127.0.0.1,1433;Database=sip;User Id=sa;TrustServerCertificate=True;Password=StrongPassword905" }, "Mfsp": { - "ApiEndpoint": "http://localhost:5003" + "ApiEndpoint": "http://localhost:6784" }, "FeatureManagement": { "IsGetProjectsFromMfspEnabled": true diff --git a/TramsDataApi/Configuration/MfspOptions.cs b/TramsDataApi/Configuration/MfspOptions.cs index 516d58b13..e7ee8759e 100644 --- a/TramsDataApi/Configuration/MfspOptions.cs +++ b/TramsDataApi/Configuration/MfspOptions.cs @@ -3,5 +3,7 @@ public class MfspOptions { public string ApiEndpoint { get; set; } + + public string ApiKey { get; set; } } } diff --git a/TramsDataApi/Startup.cs b/TramsDataApi/Startup.cs index f555d700a..0542fa2fe 100644 --- a/TramsDataApi/Startup.cs +++ b/TramsDataApi/Startup.cs @@ -52,6 +52,7 @@ public void ConfigureServices(IServiceCollection services) { MfspOptions mfspOptions = GetTypedConfigurationFor(); client.BaseAddress = new Uri(mfspOptions.ApiEndpoint); + client.DefaultRequestHeaders.Add("AppKey", mfspOptions.ApiKey); }); services.AddScoped(); diff --git a/TramsDataApi/UseCases/GetAllFssProjects.cs b/TramsDataApi/UseCases/GetAllFssProjects.cs index 22d09ee46..e98ee9b9e 100644 --- a/TramsDataApi/UseCases/GetAllFssProjects.cs +++ b/TramsDataApi/UseCases/GetAllFssProjects.cs @@ -31,9 +31,9 @@ public async Task> Execute() if (useMfspApi) { - var mfspProjects = await _mfspApiClient.Get>("/v2/fss/projects"); + var mfspProjects = await _mfspApiClient.Get>("/api/v1/construct/projects"); - return mfspProjects; + return mfspProjects.Data.ToList(); } return _fssProjectGateway.GetAll().Select(fssProject => FssProjectResponseFactory.Create(fssProject)).ToList(); diff --git a/TramsDataApi/appsettings.json b/TramsDataApi/appsettings.json index 2b8962174..66233968b 100644 --- a/TramsDataApi/appsettings.json +++ b/TramsDataApi/appsettings.json @@ -39,7 +39,8 @@ } }, "Mfsp": { - "ApiEndpoint": "" + "ApiEndpoint": "", + "ApiKey": "" }, "FeatureManagement": { "IsGetProjectsFromMfspEnabled": false From 4adc74a2a915dc2785d4d55053603d58faa49f38 Mon Sep 17 00:00:00 2001 From: mikestock-nimble Date: Thu, 1 Feb 2024 12:20:51 +0000 Subject: [PATCH 03/10] fixed incorrect api key header --- TramsDataApi/Startup.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TramsDataApi/Startup.cs b/TramsDataApi/Startup.cs index 0542fa2fe..1aea3b82f 100644 --- a/TramsDataApi/Startup.cs +++ b/TramsDataApi/Startup.cs @@ -52,7 +52,7 @@ public void ConfigureServices(IServiceCollection services) { MfspOptions mfspOptions = GetTypedConfigurationFor(); client.BaseAddress = new Uri(mfspOptions.ApiEndpoint); - client.DefaultRequestHeaders.Add("AppKey", mfspOptions.ApiKey); + client.DefaultRequestHeaders.Add("ApiKey", mfspOptions.ApiKey); }); services.AddScoped(); From 23a3d8f3876cf704ce6b223dcb945eabe4e5eae1 Mon Sep 17 00:00:00 2001 From: mikestock-nimble Date: Thu, 1 Feb 2024 13:12:34 +0000 Subject: [PATCH 04/10] added supression for warning of missing docs code is descriptive for the most part, only add comments where needed --- TramsDataApi/TramsDataApi.csproj | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/TramsDataApi/TramsDataApi.csproj b/TramsDataApi/TramsDataApi.csproj index e11cde922..96add2719 100644 --- a/TramsDataApi/TramsDataApi.csproj +++ b/TramsDataApi/TramsDataApi.csproj @@ -4,6 +4,12 @@ 1ce62ee2-ff0b-4f40-9066-cfbdae2e889f true + + 1701;1702;1591 + + + 1701;1702;1591 + From 8c22dcda0e3ccab1e66ceb6089ba2b71313b2019 Mon Sep 17 00:00:00 2001 From: Olivia Campbell Date: Tue, 6 Feb 2024 18:10:37 +0000 Subject: [PATCH 05/10] Update StatusCake alarms to 40, 20, 5 What is the change? We're increasing our alarm rates to higher number of days Why do we need the change? By doing this means we'll renew TLS certs earlier before InfraOps's Resource Health alert starts emailing them daily until the problem is resolved. Azure DevOps Ticket 155430 --- terraform/statuscake-tls-monitor.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/statuscake-tls-monitor.tf b/terraform/statuscake-tls-monitor.tf index 02a9b0af4..a859d1818 100644 --- a/terraform/statuscake-tls-monitor.tf +++ b/terraform/statuscake-tls-monitor.tf @@ -3,7 +3,7 @@ module "statuscake-tls-monitor" { statuscake_monitored_resource_addresses = local.statuscake_monitored_resource_addresses statuscake_alert_at = [ # days to alert on - 14, 7, 3 + 40, 20, 5 ] statuscake_contact_group_name = local.statuscake_contact_group_name statuscake_contact_group_integrations = local.statuscake_contact_group_integrations From c471b08645db7ba59105ca37e0a03be007987fda Mon Sep 17 00:00:00 2001 From: Chris Sherlock <99017916+cshnimble@users.noreply.github.com> Date: Thu, 15 Feb 2024 13:39:08 +0000 Subject: [PATCH 06/10] Update workflows to use actions on Node20 (#456) --- .github/workflows/build-and-push-image.yml | 4 ++-- .github/workflows/continuous-integration-dotnet.yml | 6 +++--- .github/workflows/security-tests.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index edf78ea8d..d8b2449ab 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -91,7 +91,7 @@ jobs: git push origin ${{ needs.set-env.outputs.release }} - name: Create release - uses: "actions/github-script@v6" + uses: "actions/github-script@v7" with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | @@ -149,7 +149,7 @@ jobs: ref: ${{ github.ref }} - name: Setup node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index f02a9c0f4..06b9f80e0 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -40,18 +40,18 @@ jobs: docker compose -f "docker-compose.yml" up -d --build db - name: Setup .NET - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Setup JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'microsoft' java-version: ${{ env.JAVA_VERSION }} - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~\sonar\cache key: ${{ runner.os }}-sonar diff --git a/.github/workflows/security-tests.yml b/.github/workflows/security-tests.yml index 04300f99b..04119cf5b 100644 --- a/.github/workflows/security-tests.yml +++ b/.github/workflows/security-tests.yml @@ -33,7 +33,7 @@ jobs: - name: Restore ZAP container from cache if exists id: cache-docker-zap - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/ci/cache/docker/softwaresecurityproject key: cache-docker-zap-${{ env.ZAP_VERSION }} @@ -52,7 +52,7 @@ jobs: run: docker run --name zap_container --rm -d -v ${{ github.workspace }}/zapoutput/:/zap/wrk:rw -u zap -p ${{ env.ZAP_PORT }}:${{ env.ZAP_PORT }} -i softwaresecurityproject/zap-stable zap.sh -daemon -port ${{ env.ZAP_PORT }} -host 0.0.0.0 -config api.key=${{ secrets.ZAP_API_KEY }} -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config network.localServers.mainProxy.alpn.enabled=false -config network.localServers.mainProxy.address=0.0.0.0 - name: Set up NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 18 From cf66faeadb3836dd7b41b12bd06b1a2e037a1c67 Mon Sep 17 00:00:00 2001 From: Chris Sherlock <99017916+cshnimble@users.noreply.github.com> Date: Thu, 15 Feb 2024 14:02:50 +0000 Subject: [PATCH 07/10] Extend searchString on v3 search by companies house to reduce clash chance (#457) --- TramsDataApi.Test/Integration/V3/TrustsV3IntegrationTests.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TramsDataApi.Test/Integration/V3/TrustsV3IntegrationTests.cs b/TramsDataApi.Test/Integration/V3/TrustsV3IntegrationTests.cs index 7c0a0c0d0..406e3a3cc 100644 --- a/TramsDataApi.Test/Integration/V3/TrustsV3IntegrationTests.cs +++ b/TramsDataApi.Test/Integration/V3/TrustsV3IntegrationTests.cs @@ -355,7 +355,7 @@ public async Task ShouldReturnSubsetOfTrusts_WhenSearchingTrusts_ByGroupName() [Theory] [InlineData("123456789")] - [InlineData("123")] + [InlineData("12345")] public async Task ShouldReturnSubsetOfTrusts_WhenSearchingTrusts_ByCompaniesHouseNumber(string searchString) { var companiesHouseNumber = "123456789"; From d3827ed72c05a340367ef3b7f7c5554f93f88e8b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:39:51 +0000 Subject: [PATCH 08/10] Update dependency hashicorp/terraform to v1.7.3 (#460) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/continuous-integration-terraform.yml | 6 +++--- terraform/.terraform-version | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/continuous-integration-terraform.yml b/.github/workflows/continuous-integration-terraform.yml index 7496ad14b..a9db4f98b 100644 --- a/.github/workflows/continuous-integration-terraform.yml +++ b/.github/workflows/continuous-integration-terraform.yml @@ -40,19 +40,19 @@ jobs: run: rm ./terraform/backend.tf - name: Run a Terraform init - uses: docker://hashicorp/terraform:1.6.6 + uses: docker://hashicorp/terraform:1.7.3 with: entrypoint: terraform args: -chdir=terraform init - name: Run a Terraform validate - uses: docker://hashicorp/terraform:1.6.6 + uses: docker://hashicorp/terraform:1.7.3 with: entrypoint: terraform args: -chdir=terraform validate - name: Run a Terraform format check - uses: docker://hashicorp/terraform:1.6.6 + uses: docker://hashicorp/terraform:1.7.3 with: entrypoint: terraform args: -chdir=terraform fmt -check=true -diff=true diff --git a/terraform/.terraform-version b/terraform/.terraform-version index ec70f7556..661e7aead 100644 --- a/terraform/.terraform-version +++ b/terraform/.terraform-version @@ -1 +1 @@ -1.6.6 +1.7.3 From f57c1ba972e649efb8b867f571c3781a14d2dfa1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:40:33 +0000 Subject: [PATCH 09/10] Update Terraform azurerm to v3.92.0 (#458) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- terraform/.terraform.lock.hcl | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index ccae05be6..5630d213e 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -42,31 +42,31 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.85.0" + version = "3.92.0" constraints = ">= 3.52.0, >= 3.76.0" hashes = [ - "h1:2Dsdz/nR/duRVK7yzAgBY70ZdWbFRtOAjU7z6f60diE=", - "h1:BX6+m8KJATrpqlwBSyA63Fmwjvgwcs/v1qwB7B5GLCU=", - "h1:C1bO2bAI4vJ1dP/6oELgtpoawPUYSbdMo6BpvYNrMuM=", - "h1:DIROF27wqlxkSceiMFUOVpk9Aa2cZFkg0d1C8VI63Gk=", - "h1:JLkmrm6Jcy4m0a3SrT26EU7b0njwFuhfflBZWUij7mA=", - "h1:JhJwx+Zn/DPHMY7qWPHJz7QUovoyxnmXvxT9W8Cj7LU=", - "h1:UW2HuNrkVexKwNYbkI1Xr/B3ip/cCgizIjfKN+ulpPs=", - "h1:j78JLG45+qHKsQvpo1nMe5P/QioO91IowAGdMN2u+rk=", - "h1:nlR1IGkyzCuMzgwmtEBssSyfp9JhOFCprUsjH3R27Vg=", - "h1:vPlaTsywMaTyPPYPy0t8twBwrYOGckDFg4kQ5yyJG0U=", - "h1:wcPRNQKHyR5boMFYQblUqVCbPyxuLlXpVgzMK3cLAPo=", - "zh:1ae6c0d82b5801641a17094b84f2ec1dcac699c1c4e40669a267511061414a34", - "zh:259e9386a43aabecb1205b0ceea2d205223637c09b66d806a89fed04f3343253", - "zh:4d940f9c14fece4f1d9219ac9d104202e5561bddc5024e5ac97f3f93eea20110", - "zh:530bca70b950e835f63c796c694106d701e5de0e2cf096fa35f08afd5c254594", - "zh:69e6b7f44ffbe0383b6485bb9db26781eb7869503889303e202967900a6b35ed", - "zh:8528e7d054254daae06eeb2bf343d566d3908a024fdfb5e515fbdbe0669c15eb", - "zh:98d66edfa89ed9a431ca37be384e5dfe7fa20bdc732c6e7d30f3f922ca3b29dc", - "zh:b8d37cedeffeb6bd37d4ec79fc2da19ed6b57d1ac08d835395dfa4fb3cfdf447", - "zh:bbc94e89cd6c0d59c2e5ed0bce852cac8435b6dc2e979691ee84af4c8b2c9bb8", - "zh:ceb4c624e8bb56bbcfe53e3c4ed4b4d27c3a5b62e5f4890b32c98b60b83c7827", - "zh:f08c5bf19eb25f668633964c6bfa823aa0ead785824082533c4a6cff3959e3d0", + "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", + "h1:1pPoDcpXQXbKvbJbt1vbtlJTQEKiscUVDRvpGu/YvYo=", + "h1:2FpB5WtU5mlWVf4kszp0BU7hcbocbX5+KJVt+IJxmsQ=", + "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", + "h1:DnSRgZAcjjFnd6tjq12UiP/fI8GyebYy8ax0VrCrxic=", + "h1:cPh4BObf7WxKV4cYFmdgX7EkV9MoEl3Gh75d/3Xnmv0=", + "h1:knKUM9RJmvBYWBatnNn6NuHLawP50Mk1KIPo4o5QHqg=", + "h1:ltmICoIZzDTSwLFARvahWMRc2Q6AhFhLiDKC5r8kXDs=", + "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", + "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", + "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", + "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", + "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", + "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", + "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", + "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", + "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", + "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", + "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", + "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", + "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", + "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } From beeb80f8cabfbdf7f1cba18791e6510cd0889076 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:42:17 +0000 Subject: [PATCH 10/10] Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0 (#459) * Update Terraform github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars to v0.4.0 * Switch to using RBAC authorisation for Key Vault --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com> --- terraform/README.md | 3 +-- terraform/key-vault-tfvars-secrets.tf | 23 ++++++++++++----------- terraform/locals.tf | 1 - terraform/variables.tf | 5 ----- 4 files changed, 13 insertions(+), 19 deletions(-) diff --git a/terraform/README.md b/terraform/README.md index 04f836fa3..93f0cafff 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -137,7 +137,7 @@ No providers. | Name | Source | Version | |------|--------|---------| | [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.4.9 | -| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.3.0 | +| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.0 | | [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.2 | ## Resources @@ -177,7 +177,6 @@ No resources. | [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes | | [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes | | [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes | -| [key\_vault\_access\_users](#input\_key\_vault\_access\_users) | List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform | `list(string)` | n/a | yes | | [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes | | [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes | | [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes | diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf index 0b8a5a008..dad3faf4a 100644 --- a/terraform/key-vault-tfvars-secrets.tf +++ b/terraform/key-vault-tfvars-secrets.tf @@ -1,14 +1,15 @@ module "azurerm_key_vault" { - source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.3.0" + source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0" - environment = local.environment - project_name = local.project_name - existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name - azure_location = local.azure_location - key_vault_access_users = local.key_vault_access_users - key_vault_access_ipv4 = local.key_vault_access_ipv4 - tfvars_filename = local.tfvars_filename - diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id - diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : "" - tags = local.tags + environment = local.environment + project_name = local.project_name + existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name + azure_location = local.azure_location + key_vault_access_use_rbac_authorization = true + key_vault_access_users = [] + key_vault_access_ipv4 = local.key_vault_access_ipv4 + tfvars_filename = local.tfvars_filename + diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id + diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : "" + tags = local.tags } diff --git a/terraform/locals.tf b/terraform/locals.tf index 2fb6669b7..03dc6ce74 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -20,7 +20,6 @@ locals { dns_zone_domain_name = var.dns_zone_domain_name dns_ns_records = var.dns_ns_records dns_txt_records = var.dns_txt_records - key_vault_access_users = toset(var.key_vault_access_users) key_vault_access_ipv4 = var.key_vault_access_ipv4 tfvars_filename = var.tfvars_filename enable_monitoring = var.enable_monitoring diff --git a/terraform/variables.tf b/terraform/variables.tf index 8e13be295..055ca1b04 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -3,11 +3,6 @@ variable "environment" { type = string } -variable "key_vault_access_users" { - description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform" - type = list(string) -} - variable "key_vault_access_ipv4" { description = "List of IPv4 Addresses that are permitted to access the Key Vault" type = list(string)