From 69c039e058b1a53414fa85e38e891371c4da5e22 Mon Sep 17 00:00:00 2001 From: RMcVelia Date: Wed, 29 Nov 2023 11:04:26 +0000 Subject: [PATCH 1/2] Remove paas terraform and workflows --- .github/dependabot.yml | 5 +- .../actions/backup_and_restore/action.yml | 118 -------------- .github/workflows/actions/deploy/action.yml | 145 ------------------ .github/workflows/actions/owasp/action.yml | 66 -------- .github/workflows/backup-and-restore.yml | 43 ------ Makefile | 66 -------- README.md | 21 ++- docs/deployment.md | 4 +- terraform/paas/.gitignore | 1 - terraform/paas/.terraform.lock.hcl | 71 --------- terraform/paas/application.tf | 62 -------- terraform/paas/backend.tf | 5 - terraform/paas/data.tf | 20 --- terraform/paas/dev.bk.vars | 3 - terraform/paas/dev.env.tfvars | 12 -- terraform/paas/domain.tf | 12 -- terraform/paas/network.tf | 23 --- terraform/paas/pagespeed.bk.vars | 2 - terraform/paas/pagespeed.env.tfvars | 13 -- terraform/paas/production.bk.vars | 3 - terraform/paas/production.env.tfvars | 22 --- terraform/paas/provider.tf | 41 ----- terraform/paas/review.bk.vars | 2 - terraform/paas/review.env.tfvars | 9 -- terraform/paas/route.tf | 24 --- terraform/paas/services.tf | 37 ----- terraform/paas/space.tf | 9 -- terraform/paas/statuscake.tf | 71 --------- terraform/paas/test.bk.vars | 3 - terraform/paas/test.env.tfvars | 12 -- terraform/paas/ur.bk.vars | 3 - terraform/paas/ur.env.tfvars | 13 -- terraform/paas/variables.tf | 102 ------------ terraform/paas/versions.tf | 3 - 34 files changed, 13 insertions(+), 1033 deletions(-) delete mode 100644 .github/workflows/actions/backup_and_restore/action.yml delete mode 100644 .github/workflows/actions/deploy/action.yml delete mode 100644 .github/workflows/actions/owasp/action.yml delete mode 100644 .github/workflows/backup-and-restore.yml delete mode 100644 terraform/paas/.gitignore delete mode 100644 terraform/paas/.terraform.lock.hcl delete mode 100644 terraform/paas/application.tf delete mode 100644 terraform/paas/backend.tf delete mode 100644 terraform/paas/data.tf delete mode 100644 terraform/paas/dev.bk.vars delete mode 100644 terraform/paas/dev.env.tfvars delete mode 100644 terraform/paas/domain.tf delete mode 100644 terraform/paas/network.tf delete mode 100644 terraform/paas/pagespeed.bk.vars delete mode 100644 terraform/paas/pagespeed.env.tfvars delete mode 100644 terraform/paas/production.bk.vars delete mode 100644 terraform/paas/production.env.tfvars delete mode 100644 terraform/paas/provider.tf delete mode 100644 terraform/paas/review.bk.vars delete mode 100644 terraform/paas/review.env.tfvars delete mode 100644 terraform/paas/route.tf delete mode 100644 terraform/paas/services.tf delete mode 100644 terraform/paas/space.tf delete mode 100644 terraform/paas/statuscake.tf delete mode 100644 terraform/paas/test.bk.vars delete mode 100644 terraform/paas/test.env.tfvars delete mode 100644 terraform/paas/ur.bk.vars delete mode 100644 terraform/paas/ur.env.tfvars delete mode 100644 terraform/paas/variables.tf delete mode 100644 terraform/paas/versions.tf diff --git a/.github/dependabot.yml b/.github/dependabot.yml index abf5fa0dca..85b350eb03 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,9 +21,8 @@ updates: directory: / schedule: interval: daily - + - package-ecosystem: terraform - directory: /terraform/paas/ + directory: /terraform/aks/ schedule: interval: daily - diff --git a/.github/workflows/actions/backup_and_restore/action.yml b/.github/workflows/actions/backup_and_restore/action.yml deleted file mode 100644 index ec64ca0ac7..0000000000 --- a/.github/workflows/actions/backup_and_restore/action.yml +++ /dev/null @@ -1,118 +0,0 @@ -name: Copy database from PaaS to AKS -description: Backup PaaS postgres DB and restore to AKS - -inputs: - environment: - description: Environment to backup and restore - required: true - azure-credentials-paas: - required: true - azure-credentials-aks: - required: true - -runs: - using: composite - steps: - - name: Set KV environment variables - shell: bash - run: | - tf_vars_file=terraform/paas/${{ inputs.environment }}.env.tfvars - echo "key_vault_name=$(grep azure_key_vault ${tf_vars_file} |awk -F"\"" '{print $2}')" >> $GITHUB_ENV - echo "paas_space_name=$(grep paas_space ${tf_vars_file} |awk -F"\"" '{print $2}')" >> $GITHUB_ENV - echo "paas_app_database_name=$(grep paas_app_database_name ${tf_vars_file} |awk -F"\"" '{print $2}')" >> $GITHUB_ENV - - - uses: azure/login@v1 - with: - creds: ${{ inputs.azure-credentials-paas }} - - - uses: DFE-Digital/keyvault-yaml-secret@v1 - id: get-secrets - with: - keyvault: ${{ env.key_vault_name }} - secret: INFRA-KEYS - key: PAAS-USERNAME,PAAS-PASSWORD - - - name: Setup cf cli - uses: DFE-Digital/github-actions/setup-cf-cli@master - with: - CF_USERNAME: ${{ steps.get-secrets.outputs.PAAS-USERNAME }} - CF_PASSWORD: ${{ steps.get-secrets.outputs.PAAS-PASSWORD }} - CF_SPACE_NAME: ${{ env.paas_space_name }} - INSTALL_CONDUIT: true - - - name: Setup postgres client - uses: DFE-Digital/github-actions/install-postgres-client@master - - - name: Set environment variable - shell: bash - run: echo "backup_file_name=git_${{ inputs.environment }}.sql" >> $GITHUB_ENV - - - name: Backup ${{ inputs.environment }} DB - shell: bash - run: | - cf conduit ${{ env.paas_app_database_name }} -- pg_dump -E utf8 --clean --if-exists --no-owner --verbose --no-password -f ${{ env.backup_file_name }} - cf logout - az logout - - # - # Now restore to the equivalent AKS env database - # - - - name: Set KV environment variables for AKS - shell: bash - run: | - case ${{ inputs.environment }} in - dev) - tf_vars_file=terraform/aks/config/development_aks.tfvars.json - ;; - *) - tf_vars_file=terraform/aks/config/${{ inputs.environment }}_aks.tfvars.json - ;; - esac - echo "cluster=$(jq -r '.cluster' ${tf_vars_file})" >> $GITHUB_ENV - echo "aks_app_environment=$(jq -r '.environment' ${tf_vars_file})" >> $GITHUB_ENV - - - uses: azure/login@v1 - with: - creds: ${{ inputs.azure-credentials-aks }} - - - name: Set up environment variables - shell: bash - run: | - case ${{ env.cluster }} in - test) - echo "cluster_rg=s189t01-tsc-ts-rg" >> $GITHUB_ENV - echo "cluster_name=s189t01-tsc-test-aks" >> $GITHUB_ENV - ;; - production) - echo "cluster_rg=s189p01-tsc-pd-rg" >> $GITHUB_ENV - echo "cluster_name=s189p01-tsc-production-aks" >> $GITHUB_ENV - ;; - *) - echo "unknown cluster" - ;; - esac - echo "app_name=get-into-teaching-app-${{ env.aks_app_environment }}" >> $GITHUB_ENV - - - name: Install kubectl - uses: azure/setup-kubectl@v3 - with: - version: "v1.26.1" # default is latest stable - - - name: K8 setup - shell: bash - run: | - az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }} - make bin/konduit.sh - - - name: Restore backup to aks env database - shell: bash - run: | - bin/konduit.sh -i ${{ env.backup_file_name }} -t 7200 ${{ env.app_name }} -- psql - - - name: Remove PaaS specific event triggers - shell: bash - run: | - bin/konduit.sh ${{ env.app_name }} -- psql -c 'drop event trigger forbid_ddl_reader' - bin/konduit.sh ${{ env.app_name }} -- psql -c 'drop event trigger make_readable' - bin/konduit.sh ${{ env.app_name }} -- psql -c 'drop event trigger reassign_owned' diff --git a/.github/workflows/actions/deploy/action.yml b/.github/workflows/actions/deploy/action.yml deleted file mode 100644 index 1e62fc6f2a..0000000000 --- a/.github/workflows/actions/deploy/action.yml +++ /dev/null @@ -1,145 +0,0 @@ -name: Deploy to PaaS - -inputs: - environment: - description: The environment to deploy to Development/Test/Production/Review/Speed/UR etc - required: true - sha: - description: Commit sha to be deployed - required: true - pr: - description: Pull Request Reference - required: false - AZURE_CREDENTIALS: - required: true - KEY_VAULT: - required: true - ARM_ACCESS_KEY: - required: true - -runs: - using: composite - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - uses: azure/login@v1 - with: - creds: ${{ inputs.AZURE_CREDENTIALS }} - - - name: Validate Key Vault Secrets - uses: DFE-Digital/github-actions/validate-key-vault-secrets@master - with: - KEY_VAULT: ${{ inputs.KEY_VAULT }} - SECRETS: | - CONTENT-KEYS - INFRA-KEYS - - - name: Get Short SHA - id: sha - shell: bash - run: echo "short=$(echo "${{ inputs.sha }}" | cut -c -7)" >> $GITHUB_OUTPUT - - - name: Setup Environment Variables - id: variables - shell: bash - run: | - echo RUN_TEST="true" >> $GITHUB_OUTPUT - if [ "${{inputs.environment }}" == "Review" ] - then - echo "control=review" >> $GITHUB_OUTPUT - pr_name="${{env.REVIEW_APPLICATION}}-${{inputs.pr}}" - echo "pr_name=${pr_name}" >> $GITHUB_OUTPUT - echo "healthcheck=${pr_name}" >> $GITHUB_OUTPUT - echo "key=${pr_name}" >> $GITHUB_OUTPUT - echo "TF_VAR_paas_app_application_name=${pr_name}" >> $GITHUB_ENV - echo "TF_VAR_paas_app_route_name=${pr_name}" >> $GITHUB_ENV - fi - - if [ "${{inputs.environment }}" == "Development" ] - then - echo "control=dev" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-dev" >> $GITHUB_OUTPUT - echo "key=app.dev.terraform" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Test" ] - then - echo "control=test" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-test" >> $GITHUB_OUTPUT - echo "key=app.test.terraform" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Speed" ] - then - echo RUN_TEST="false" >> $GITHUB_OUTPUT - echo "control=pagespeed" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-pagespeed" >> $GITHUB_OUTPUT - echo "key=app.pagespeed.terraform" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "UR" ] - then - echo RUN_TEST="true" >> $GITHUB_OUTPUT - echo "control=ur" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-UR" >> $GITHUB_OUTPUT - echo "key=app.ur.terraform" >> $GITHUB_OUTPUT - fi - - if [ "${{inputs.environment }}" == "Production" ] - then - echo "control=production" >> $GITHUB_OUTPUT - echo "healthcheck=${{env.PAAS_APPLICATION_NAME}}-prod" >> $GITHUB_OUTPUT - echo "key=app.production.terraform" >> $GITHUB_OUTPUT - fi - - echo "docker_image=${{env.DOCKER_REPOSITORY}}:sha-${{ steps.sha.outputs.short}}" >> $GITHUB_OUTPUT - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ inputs.KEY_VAULT}} - secret: INFRA-KEYS - key: HTTP-USERNAME, HTTP-PASSWORD, LOGIT-API - - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.2.8 - - - name: Terraform ( ${{inputs.environment}} ) - shell: bash - run: | - cd terraform/paas && pwd - terraform init -backend-config=${{steps.variables.outputs.control}}.bk.vars -backend-config="key=${{steps.variables.outputs.key}}.tfstate" - terraform apply -var-file=${{steps.variables.outputs.control}}.env.tfvars -auto-approve - env: - ARM_ACCESS_KEY: ${{ inputs.ARM_ACCESS_KEY }} - TF_VAR_paas_app_docker_image: ${{ steps.variables.outputs.docker_image}} - TF_VAR_AZURE_CREDENTIALS: ${{ inputs.AZURE_CREDENTIALS }} - - - name: Smoke tests - shell: bash - run: | - if [ "${{steps.variables.outputs.RUN_TEST}}" == "true" ] - then - tests/confidence/healthcheck.sh "${{steps.variables.outputs.healthcheck}}" "sha-${{ steps.sha.outputs.short }}" - fi - env: - HTTPAUTH_PASSWORD: ${{ steps.keyvault-yaml-secret.outputs.HTTP-PASSWORD }} - HTTPAUTH_USERNAME: ${{ steps.keyvault-yaml-secret.outputs.HTTP-USERNAME }} - - - name: Log Deployment - if: always() - uses: DFE-Digital/github-actions/SendToLogit@master - with: - LOGIT-API-KEY: ${{ steps.keyvault-yaml-secret.outputs.LOGIT-API }} - logtype: "github" - JSON: | - '{"Application" : "${{env.PAAS_APPLICATION_NAME}}", - "Status" : "${{ job.status }}", - "Action" : "Deploy", - "Environment" : "${{inputs.environment}}", - "Version" : "${{ inputs.sha }}" }' diff --git a/.github/workflows/actions/owasp/action.yml b/.github/workflows/actions/owasp/action.yml deleted file mode 100644 index 3cf2c5733a..0000000000 --- a/.github/workflows/actions/owasp/action.yml +++ /dev/null @@ -1,66 +0,0 @@ -name: owasp - -inputs: - environment: - description: The environment to deploy to Development/Test/Production/Review/Speed/UR etc - required: true - AZURE_CREDENTIALS: - required: true - KEY_VAULT: - required: true - ARM_ACCESS_KEY: - required: true - GITHUB_TOKEN: - required: true - -runs: - using: composite - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - uses: Azure/login@v1 - with: - creds: ${{ inputs.AZURE_CREDENTIALS }} - - - uses: DfE-Digital/keyvault-yaml-secret@v1 - id: keyvault-yaml-secret - with: - keyvault: ${{ inputs.KEY_VAULT}} - secret: INFRA-KEYS - key: SLACK-WEBHOOK, HTTP-PASSWORD, HTTP-USERNAME - - - name: set-up-environment - uses: DFE-Digital/github-actions/set-up-environment@master - - - name: Setup Application Name - id: app_name - shell: bash - run: | - if [[ "${{ inputs.environment }}" == "Production" ]] ; then - rval="${{env.PAAS_APPLICATION_NAME}}-prod.${{env.DOMAIN}}" - elif [[ "${{ inputs.environment }}" == "Test" ]] ; then - rval="${{env.PAAS_APPLICATION_NAME}}-test.${{env.DOMAIN}}" - elif [[ "${{ inputs.environment }}" == "Development" ]] ; then - rval="${{env.PAAS_APPLICATION_NAME}}-dev.${{env.DOMAIN}}" - fi - echo "SCAN=${rval}" >> $GITHUB_OUTPUT - - - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.4.0 - with: - token: ${{ inputs.GITHUB_TOKEN }} - docker_name: 'owasp/zap2docker-stable' - target: 'https://${{ steps.keyvault-yaml-secret.outputs.HTTP-USERNAME }}:${{ steps.keyvault-yaml-secret.outputs.HTTP-PASSWORD }}@${{steps.app_name.outputs.SCAN}}/' - rules_file_name: '.zap/rules.tsv' - cmd_options: '-a' - - - name: Slack Notification - if: failure() - uses: rtCamp/action-slack-notify@master - env: - SLACK_COLOR: ${{env.SLACK_FAILURE}} - SLACK_MESSAGE: 'Pipeline Failure carrying out OWASP Testing on https://${{env.PAAS_APPLICATION_NAME}}-${{ inputs.environment }}.${{env.DOMAIN}}/' - SLACK_TITLE: 'Failure: OWSAP Testing has failed on ${{ inputs.environment }}' - SLACK_WEBHOOK: ${{ steps.keyvault-yaml-secret.outputs.SLACK-WEBHOOK }} diff --git a/.github/workflows/backup-and-restore.yml b/.github/workflows/backup-and-restore.yml deleted file mode 100644 index 4282d41505..0000000000 --- a/.github/workflows/backup-and-restore.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Restore backup to AKS Database - -on: - workflow_dispatch: - inputs: - environment: - description: GitHub environment to backup and restore - type: choice - default: test - options: - - test - - dev - - production - -jobs: - backup-and-restore: - name: ${{ github.event.inputs.environment }} backup and restore to aks - environment: - name: ${{ github.event.inputs.environment }} - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Backup and Restore action for ${{ inputs.environment }} to AKS test cluster - if: inputs.environment == 'test' || inputs.environment == 'dev' - id: backup_and_restore_env_test - uses: ./.github/workflows/actions/backup_and_restore/ - with: - environment: ${{ github.event.inputs.environment }} - azure-credentials-paas: ${{ secrets.AZURE_CREDENTIALS }} - azure-credentials-aks: ${{ secrets.AZURE_CREDENTIALS_AKS_REVIEW }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} - - - name: Backup and Restore action for ${{ inputs.environment }} to AKS prod cluster - if: inputs.environment == 'production' - id: backup_and_restore_env_prod - uses: ./.github/workflows/actions/backup_and_restore/ - with: - environment: ${{ github.event.inputs.environment }} - azure-credentials-paas: ${{ secrets.AZURE_CREDENTIALS }} - azure-credentials-aks: ${{ secrets.AZURE_CREDENTIALS_AKS_PROD }} - slack-webhook: ${{ secrets.SLACK_WEBHOOK }} diff --git a/Makefile b/Makefile index 6c04a02dca..290248ac23 100644 --- a/Makefile +++ b/Makefile @@ -32,40 +32,11 @@ PAGESPEED_SECRETS=PAGE-SPEED-KEYS INFRA_SECRETS=INFRA-KEYS DOCKER_IMAGE=get-into-teaching-app -.PHONY: development -development: - $(eval export DEPLOY_ENV=dev) - $(eval export KEY_VAULT=s146d01-kv) - $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development) - .PHONY: local local: $(eval export KEY_VAULT=s146d01-local2-kv) $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development) -.PHONY: review -review: - $(if $(PR_NUMBER), , $(error Missing environment variable "PR_NUMBER", Please specify a pr number for your review app)) - $(eval export PR_NAME=review-get-into-teaching-app-${PR_NUMBER}) - $(eval export DEPLOY_ENV=review) - $(eval export KEY_VAULT=s146d01-kv) - $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development) - $(eval BACKEND_KEY=-backend-config=key=${PR_NAME}.tfstate) - $(eval export TF_VAR_paas_app_application_name=${PR_NAME}) - $(eval export TF_VAR_paas_app_route_name=${PR_NAME}) - -.PHONY: test -test: - $(eval export DEPLOY_ENV=staging) - $(eval export KEY_VAULT=s146t01-kv) - $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-test) - -.PHONY: production -production: - $(eval export DEPLOY_ENV=production) - $(eval export KEY_VAULT=s146p01-kv) - $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-production) - .PHONY: review_aks review_aks: test-cluster $(if $(PR_NUMBER), , $(error Missing environment variable "PR_NUMBER", Please specify a pr number for your review app)) @@ -101,24 +72,6 @@ install-fetch-config: && chmod +x fetch_config.rb \ || true -edit-app-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${APPLICATION_SECRETS} -e -d azure-key-vault-secret:${KEY_VAULT}/${APPLICATION_SECRETS} -f yaml -c - -print-app-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${APPLICATION_SECRETS} -f yaml - -edit-ps-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${PAGESPEED_SECRETS} -e -d azure-key-vault-secret:${KEY_VAULT}/${PAGESPEED_SECRETS} -f yaml -c - -print-ps-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${PAGESPEED_SECRETS} -f yaml - -edit-infra-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${INFRA_SECRETS} -e -d azure-key-vault-secret:${KEY_VAULT}/${INFRA_SECRETS} -f yaml -c - -print-infra-secrets: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${KEY_VAULT}/${INFRA_SECRETS} -f yaml - setup-local-env: install-fetch-config set-azure-account ./fetch_config.rb -s yaml-file:.env.development.yml -s azure-key-vault-secret:s146d01-local2-kv/${APPLICATION_SECRETS} -f shell-env-var > .env.development @@ -146,25 +99,6 @@ bin/konduit.sh: curl -s https://raw.githubusercontent.com/DFE-Digital/teacher-services-cloud/main/scripts/konduit.sh -o bin/konduit.sh \ && chmod +x bin/konduit.sh -terraform-init: set-azure-account - $(if $(or $(IMAGE_TAG), $(NO_IMAGE_TAG_DEFAULT)), , $(eval export IMAGE_TAG=master)) - $(if $(IMAGE_TAG), , $(error Missing environment variable "IMAGE_TAG")) - $(eval export TF_VAR_paas_app_docker_image=ghcr.io/dfe-digital/get-into-teaching-frontend:$(IMAGE_TAG)) - - terraform -chdir=terraform/paas init -reconfigure -backend-config=${DEPLOY_ENV}.bk.vars ${BACKEND_KEY} - -terraform-plan: terraform-init - terraform -chdir=terraform/paas plan -var-file=${DEPLOY_ENV}.env.tfvars - -terraform: terraform-init - terraform -chdir=terraform/paas apply -var-file=${DEPLOY_ENV}.env.tfvars ${AUTO_APPROVE} - -terraform-destroy: terraform-init - terraform -chdir=terraform/paas destroy -var-file=${DEPLOY_ENV}.env.tfvars ${AUTO_APPROVE} - -delete-state-file: - az storage blob delete --container-name pass-tfstate --delete-snapshots include --account-name s146d01sgtfstate -n ${PR_NAME}.tfstate - terraform-init-aks: composed-variables bin/terrafile set-azure-account $(if ${DOCKER_IMAGE_TAG}, , $(eval DOCKER_IMAGE_TAG=master)) $(if $(PR_NUMBER), $(eval KEY_PREFIX=$(PR_NUMBER)), $(eval KEY_PREFIX=$(ENVIRONMENT))) diff --git a/README.md b/README.md index d6b7b44ee1..b77232c9f9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Get Into Teaching -A service for candidates to [get-into-teaching](https://getintoteaching.education.gov.uk/). +A service for candidates to [get-into-teaching](https://getintoteaching.education.gov.uk/). ## Status @@ -19,17 +19,15 @@ A service for candidates to [get-into-teaching](https://getintoteaching.educatio ## Environments -The website is deployed to GOV.UK PAAS. The environments can be confusing because our Rails environments are named differently (we should look to address this as part of the migration away from GOV.UK PAAS!). Here is a table to try and make sense of the combinations: +The website is deployed to AKS. The environments can be confusing because our Rails environments are named differently. Here is a table to try and make sense of the combinations: -| Environment | Rails Environment | Description | URL | -| ----------------------- | ----------------- | ------------------------------------- | ---------------------------------------------------------------- | -| development (PAAS) | rolling | Internal use/testing | https://get-into-teaching-app-dev.london.cloudapps.digital | -| test (PAAS) | preprod | Internal use/testing | https://get-into-teaching-app-test.london.cloudapps.digital | -| production (PASS) | production | Public | https://getintoteaching.education.gov.uk | -| pagespeed (PASS) | pagespeed | Runs periodic page speed analytics | https://get-into-teaching-app-pagespeed.london.cloudapps.digital | -| ur (PASS) | preprod | User research sessions | https://get-into-teaching-app-ur.london.cloudapps.digital | -| development (local) | development | Local development | 0.0.0.0:3000 | -| test (local) | test | Local test suite | n/a | +| Environment | Rails Environment | Description | URL | +| ----------------------- | ----------------- | -------------------------------- | --------------------------------------------------------------------- | +| development (AKS) | rolling | Internal use/testing | https://get-into-teaching-app-development.test.teacherservices.cloud | +| test (AKS) | preprod | Internal use/testing | https://get-into-teaching-app-test.test.teacherservices.cloud | +| production (AKS) | production | Public | https://getintoteaching.education.gov.uk | +| development (local) | development | Local development | 0.0.0.0:3000 | +| test (local) | test | Local test suite | n/a | ## Guides @@ -50,4 +48,3 @@ The website is deployed to GOV.UK PAAS. The environments can be confusing becaus ## License [MIT Licence](LICENCE) - diff --git a/docs/deployment.md b/docs/deployment.md index ce21eb4b65..281e7a4146 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -2,11 +2,11 @@ ## Review apps -When you raise a pull request in GitHub an Action will create a review app in GOV.UK PAAS so that you can preview your changes in a production-like environment (or present changes to other team members ahead of merging). When the review all is built a comment will be posted to the PR with a link to the app. +When you raise a pull request in GitHub an Action will create a review app in AKS so that you can preview your changes in a production-like environment (or present changes to other team members ahead of merging). When the review all is built a comment will be posted to the PR with a link to the app. ## Deploying to production -A merged pull request will deploy **to dev, test and production**. +A merged pull request will deploy **to dev, test and production**. ## Deploying to dev/test manually diff --git a/terraform/paas/.gitignore b/terraform/paas/.gitignore deleted file mode 100644 index 3fa8c86b7b..0000000000 --- a/terraform/paas/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.terraform diff --git a/terraform/paas/.terraform.lock.hcl b/terraform/paas/.terraform.lock.hcl deleted file mode 100644 index b8b47a16bc..0000000000 --- a/terraform/paas/.terraform.lock.hcl +++ /dev/null @@ -1,71 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/cloudfoundry-community/cloudfoundry" { - version = "0.51.3" - constraints = "0.51.3" - hashes = [ - "h1:Wuz3KPG8YwBFfla8FDxqIQnBAqQhX8AkS9rSRMmYKKc=", - "h1:uM0ayyirpxhfyZ9SYxpr7MkS1IUvEbnbsKVajnivoXM=", - "zh:011f93f31daefd75e4664ce80462f13f0ee1f93c073b3217730e7a136ca9d544", - "zh:0d9078e43a1dcefd62f593e248d7b44478dd75cd70aabdfce92a52abe065f297", - "zh:29cc360081f68442ec2f4b1d90f24b9cc3c1017c86e18de62eb8043dbbf7fe8c", - "zh:48ea027fd3ecefac3302a58dd61389b086c123d621f094a441aef0c036f9d9f3", - "zh:59cbaec857468fe10e91e9f67358bb0c18e91d9dc1bf4386ace42c2a95925889", - "zh:8537822684fc2b531ed1c404da25fee2af71f9cfc326bb26b35828d6a7087ed3", - "zh:b0d88d3fcd86c5c493de4001e9f1c961e1650a364831380c2aa9ab17551094b7", - "zh:cbde14e2c1f84285b0ae28dfb0c495ec6ba503d3abd95774f92492dd26276e14", - "zh:cc29ecc864a5f2c1f4d3c6425d595c163ccd202203a40dc78a22f7b8f945efc8", - "zh:d3ab24d7b5081b3858053b88222c7652d7432de15a3e037eef0f5d96881f7ef8", - "zh:dc125bab081ae478c0afedbeb805238f97fea83e999aa94c2e400e646b845df2", - "zh:e12d7ed99ac17b2724f2129db75540c55bbe9e10d067dac8d71216598ce492d1", - "zh:fb4f969728f285b5dc460fc8693cfb3f0d4139bda2d389e5de2a0ad91f2009a1", - "zh:fca9941b778e7f6ca57d44d698f528438283ab15c1789d8b48be722fe7c03b4b", - "zh:fea692d2ed3d4e9da5aebdc54d1c19afe97e07d597b7d5d768224976bc329cc2", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.79.0" - constraints = "3.79.0" - hashes = [ - "h1:7Bf5Bagy9v33QKJKlFN2++WjE/E5UIElfpC/7sqUMV8=", - "h1:L7Fl4P1jp/ca2+BipJj2Yah39wvN7Y+rXJPSQgXGQzk=", - "zh:0cd62eff55944be5bee31b376b410f07232227490b902af8f4785021edeb707f", - "zh:168128566331d18b89565205ed78a6a64c3f55a2555956f7e4c15773de56905c", - "zh:63068b268ae4080fe3e33f75c174e83ed2355b5812ec62a29e5f7c7e71399ab9", - "zh:6e88c32eafc7c01d9564bca18f2e47a7f54f2fec1b64700f3f7a6f927757a034", - "zh:8f1f40fc00bc22eb5ea4fa6a4b4815d2a44a2a7ba086cadf2a37366f8fa65c88", - "zh:96e6309019a0367bb77bec52cd0bcbd049ac943e7a28ed0b7635b8e9ed5776d3", - "zh:ba4840eb4da0df74adfe9bf59ff7e63d4a38c1ae0028c93c06285d766fc06f0f", - "zh:dd49b4cc241251077dbdbae5137f03f1d66873408b0b43d3ff5f98fa254ffca4", - "zh:e0a99adb8b1c1b951e2b19c677fb4c1ba78350b829f0ff73aa141ec1bc1ecd8b", - "zh:ee523758d5b17fd04fa869b7f6ad92f1b321eaaa9e1508609dcca1577dee3c44", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fbc79c9a3cc63e6f3f154cdca23b8ccb6de86495c0b9ae605bea50072c514032", - ] -} - -provider "registry.terraform.io/statuscakedev/statuscake" { - version = "2.2.2" - constraints = "2.2.2" - hashes = [ - "h1:OoqL/K/eNLahbfMwJvYZHo9kacafjtrJKhd6cLrubZ4=", - "h1:wFoZJfmNvG6XTf65NLai67geSHqYV1Tilx7OITrHilE=", - "zh:0916313344c579d6e05d70f88129a10fe48f7dabe0e61cad17874d6c496f288d", - "zh:0d491ff72c2eda6482855033ca2146c5ace1663d07cb3da7253b59ed2e2ec6f4", - "zh:11fffbce18eb3d3c283e877242f477e0c561342c19090240b60af7d948bd84ac", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:1c6116092c59bc0010e147dc7832ae981d528f235cef563e5ae05a93ef8bac5c", - "zh:1f13a543b1d32cc1f1e3d2ed5ca83445f088787c335690fe20dee1203488a8bc", - "zh:23f55fd0714696c3863f892646a79a780cea1923c0c4d2b1064df735ba4156f5", - "zh:288fbb4431ac12014aa5aab10ee7166dfe71fd1158464e06e8a527aa4919e64e", - "zh:2a0746d3c8cdc7d0875df0f4605d81130e6da0ce6196d0f5f8661fe9191bc2ab", - "zh:31d660756abc53d252906fe1239fad58ecb6c1d0dbb087408a8af266be1f9ae4", - "zh:6765281d1b7efb41085c5375660b6c6b271babc5d09b2c030bec7176f7a7bfb6", - "zh:6d7204eadb667c1f2cab762a7a97234cf47452f0ecad680f5106c8fd02524c87", - "zh:b70a97b0eba471d683e23ce8744a5c67ef9952086e2d6f5825b72f32b6caff89", - "zh:df89ee4aaba88faea33d33384a36ea52588b5514644d335f724378a682d8d9da", - "zh:ffe2e1e7224ea5f4dd65b9eef45464e3124cfc824473b04e7af429f9177f2375", - ] -} diff --git a/terraform/paas/application.tf b/terraform/paas/application.tf deleted file mode 100644 index c1601f78f0..0000000000 --- a/terraform/paas/application.tf +++ /dev/null @@ -1,62 +0,0 @@ -locals { - environment_map = { HTTPAUTH_PASSWORD = local.infrastructure_secrets.HTTP-PASSWORD, - HTTPAUTH_USERNAME = local.infrastructure_secrets.HTTP-USERNAME, - BASIC_AUTH = var.basic_auth, - APP_URL = length(var.paas_asset_hostnames) == 0 ? "" : "https://${var.paas_internet_hostnames[0]}.${data.cloudfoundry_domain.internet.name}", - APP_ASSETS_URL = length(var.paas_asset_hostnames) == 0 ? "" : "https://${var.paas_asset_hostnames[0]}.${data.cloudfoundry_domain.internet.name}" } - - service_bindings = (length(var.paas_linked_services) == 0 ? - [cloudfoundry_service_instance.app_postgres[0], cloudfoundry_service_instance.app_redis[0]] : - values(data.cloudfoundry_service_instance.linked) - ) -} - -resource "cloudfoundry_app" "app_application" { - name = var.paas_app_application_name - space = data.cloudfoundry_space.space.id - docker_image = var.paas_app_docker_image - stopped = var.application_stopped - strategy = var.strategy - memory = 1024 - disk_quota = 3072 - timeout = var.timeout - instances = var.instances - - dynamic "service_binding" { - for_each = data.cloudfoundry_user_provided_service.logging - content { - service_instance = service_binding.value["id"] - } - } - - dynamic "service_binding" { - for_each = local.service_bindings - content { - service_instance = service_binding.value["id"] - } - } - - routes { - route = cloudfoundry_route.app_route_cloud.id - } - - routes { - route = cloudfoundry_route.app_route_internal.id - } - - dynamic "routes" { - for_each = data.cloudfoundry_route.app_route_internet - content { - route = routes.value["id"] - } - } - - dynamic "routes" { - for_each = data.cloudfoundry_route.app_route_assets - content { - route = routes.value["id"] - } - } - - environment = { for i, v in merge(local.application_secrets, local.environment_map) : i => v if v != "" } -} diff --git a/terraform/paas/backend.tf b/terraform/paas/backend.tf deleted file mode 100644 index 3f5d95d058..0000000000 --- a/terraform/paas/backend.tf +++ /dev/null @@ -1,5 +0,0 @@ -terraform { - backend "azurerm" { - container_name = "pass-tfstate" - } -} diff --git a/terraform/paas/data.tf b/terraform/paas/data.tf deleted file mode 100644 index a382c48dbe..0000000000 --- a/terraform/paas/data.tf +++ /dev/null @@ -1,20 +0,0 @@ -data "azurerm_key_vault" "vault" { - name = var.azure_key_vault - resource_group_name = var.azure_resource_group -} - -data "azurerm_key_vault_secret" "application" { - key_vault_id = data.azurerm_key_vault.vault.id - name = var.azure_vault_secret -} - -data "azurerm_key_vault_secret" "infrastructure" { - key_vault_id = data.azurerm_key_vault.vault.id - name = "INFRA-KEYS" -} - -locals { - application_secrets = yamldecode(data.azurerm_key_vault_secret.application.value) - infrastructure_secrets = yamldecode(data.azurerm_key_vault_secret.infrastructure.value) -} - diff --git a/terraform/paas/dev.bk.vars b/terraform/paas/dev.bk.vars deleted file mode 100644 index 2d9eb1523b..0000000000 --- a/terraform/paas/dev.bk.vars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s146d01sgtfstate" -key="app.dev.terraform.tfstate" -resource_group_name = "s146d01-rg-tfstate" diff --git a/terraform/paas/dev.env.tfvars b/terraform/paas/dev.env.tfvars deleted file mode 100644 index 939d869dfe..0000000000 --- a/terraform/paas/dev.env.tfvars +++ /dev/null @@ -1,12 +0,0 @@ -paas_space = "get-into-teaching" -paas_monitoring_space = "get-into-teaching" -paas_monitoring_app = "prometheus-dev-get-into-teaching" -paas_app_application_name = "get-into-teaching-app-dev" -paas_app_route_name = "get-into-teaching-app-dev" -paas_app_redis_name = "get-into-teaching-app-dev-redis-svc" -paas_app_database_name = "get-into-teaching-app-dev-pg-git-svc" -logging = 0 -instances = 1 -alerts = {} -azure_key_vault = "s146d01-kv" -azure_resource_group = "s146d01-rg" diff --git a/terraform/paas/domain.tf b/terraform/paas/domain.tf deleted file mode 100644 index 46ecfcc704..0000000000 --- a/terraform/paas/domain.tf +++ /dev/null @@ -1,12 +0,0 @@ -data "cloudfoundry_domain" "cloudapps" { - name = "london.cloudapps.digital" -} - -data "cloudfoundry_domain" "internet" { - name = "education.gov.uk" -} - -data "cloudfoundry_domain" "internal" { - name = "apps.internal" -} - diff --git a/terraform/paas/network.tf b/terraform/paas/network.tf deleted file mode 100644 index d433d3992d..0000000000 --- a/terraform/paas/network.tf +++ /dev/null @@ -1,23 +0,0 @@ -data "cloudfoundry_app" "prometheus" { - name_or_id = var.paas_monitoring_app - space = data.cloudfoundry_space.monitoring.id -} - -data "cloudfoundry_app" "monitor_apps" { - - name_or_id = cloudfoundry_app.app_application.id - space = data.cloudfoundry_space.space.id - - depends_on = [ cloudfoundry_app.app_application ] -} - - -resource "cloudfoundry_network_policy" "monitoring-policy-app" { - - policy { - source_app = data.cloudfoundry_app.prometheus.id - destination_app = data.cloudfoundry_app.monitor_apps.id - port = "3000" - protocol = "tcp" - } -} diff --git a/terraform/paas/pagespeed.bk.vars b/terraform/paas/pagespeed.bk.vars deleted file mode 100644 index cf6cc9f0dd..0000000000 --- a/terraform/paas/pagespeed.bk.vars +++ /dev/null @@ -1,2 +0,0 @@ -storage_account_name = "s146t01sgtfstate" -key="app.pagespeed.terraform.tfstate" diff --git a/terraform/paas/pagespeed.env.tfvars b/terraform/paas/pagespeed.env.tfvars deleted file mode 100644 index d37bdfbe17..0000000000 --- a/terraform/paas/pagespeed.env.tfvars +++ /dev/null @@ -1,13 +0,0 @@ -paas_space = "get-into-teaching-test" -paas_monitoring_space = "get-into-teaching-monitoring" -paas_monitoring_app = "prometheus-prod-get-into-teaching" -paas_app_application_name = "get-into-teaching-app-pagespeed" -paas_app_route_name = "get-into-teaching-app-pagespeed" -paas_linked_services = ["get-into-teaching-test-redis-svc", "get-into-teaching-app-test-pg-git-svc"] -timeout = 1800 -logging = 0 -instances = 1 -alerts = {} -azure_vault_secret = "PAGE-SPEED-KEYS" -azure_key_vault = "s146t01-kv" -azure_resource_group = "s146t01-rg" diff --git a/terraform/paas/production.bk.vars b/terraform/paas/production.bk.vars deleted file mode 100644 index 1679555a60..0000000000 --- a/terraform/paas/production.bk.vars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s146p01sgtfstate" -key="app.production.terraform.tfstate" -resource_group_name = "s146p01-rg" diff --git a/terraform/paas/production.env.tfvars b/terraform/paas/production.env.tfvars deleted file mode 100644 index 7bc9d44c63..0000000000 --- a/terraform/paas/production.env.tfvars +++ /dev/null @@ -1,22 +0,0 @@ -paas_space = "get-into-teaching-production" -paas_monitoring_space = "get-into-teaching-monitoring" -paas_monitoring_app = "prometheus-prod-get-into-teaching" -paas_app_route_name = "get-into-teaching-app-prod" -paas_app_application_name = "get-into-teaching-app-prod" -paas_app_database_name = "get-into-teaching-app-prod-pg-git-svc" -paas_app_redis_name = "get-into-teaching-app-prod-redis-svc" -paas_internet_hostnames = ["getintoteaching", "beta-getintoteaching"] # The first item in the list will be used as the Application URL, routes will be created for all items. -paas_asset_hostnames = ["app-assets-getintoteaching"] # The first item will be used as Asset Hostname, routes will be created for all items. -database_plan = "small-ha-13" -instances = 6 -basic_auth = 0 -azure_key_vault = "s146p01-kv" -azure_resource_group = "s146p01-rg" -alerts = { - GiT_App_Production_Healthcheck = { - website_name = "Get Into Teaching Website (Production)" - website_url = "https://getintoteaching.education.gov.uk/healthcheck.json" - check_rate = 60 - contact_group = [185037] - } -} diff --git a/terraform/paas/provider.tf b/terraform/paas/provider.tf deleted file mode 100644 index 125204fded..0000000000 --- a/terraform/paas/provider.tf +++ /dev/null @@ -1,41 +0,0 @@ -provider "cloudfoundry" { - api_url = var.api_url - user = local.infrastructure_secrets.PAAS-USERNAME - password = local.infrastructure_secrets.PAAS-PASSWORD -} - -provider "statuscake" { - api_token = local.infrastructure_secrets.SC-PASSWORD -} - -locals { - azure_credentials = jsondecode(var.AZURE_CREDENTIALS) -} - -provider "azurerm" { - skip_provider_registration = true - features {} - subscription_id = try(local.azure_credentials.subscriptionId, null) - client_id = try(local.azure_credentials.clientId, null) - client_secret = try(local.azure_credentials.clientSecret, null) - tenant_id = try(local.azure_credentials.tenantId, null) -} - -terraform { - required_version = "1.2.8" - - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.79.0" - } - cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.51.3" - } - statuscake = { - source = "StatusCakeDev/statuscake" - version = "2.2.2" - } - } -} diff --git a/terraform/paas/review.bk.vars b/terraform/paas/review.bk.vars deleted file mode 100644 index 847f9d2063..0000000000 --- a/terraform/paas/review.bk.vars +++ /dev/null @@ -1,2 +0,0 @@ -storage_account_name = "s146d01sgtfstate" -resource_group_name = "s146d01-rg-tfstate" diff --git a/terraform/paas/review.env.tfvars b/terraform/paas/review.env.tfvars deleted file mode 100644 index 4f6764502c..0000000000 --- a/terraform/paas/review.env.tfvars +++ /dev/null @@ -1,9 +0,0 @@ -paas_space = "get-into-teaching" -paas_monitoring_space = "get-into-teaching" -paas_monitoring_app = "prometheus-dev-get-into-teaching" -logging = 0 -instances = 1 -alerts = {} -azure_key_vault = "s146d01-kv" -azure_resource_group = "s146d01-rg" -paas_linked_services = ["get-into-teaching-dev-redis-svc", "get-into-teaching-app-dev-pg-git-svc"] diff --git a/terraform/paas/route.tf b/terraform/paas/route.tf deleted file mode 100644 index 9c1180d8b4..0000000000 --- a/terraform/paas/route.tf +++ /dev/null @@ -1,24 +0,0 @@ -data "cloudfoundry_route" "app_route_internet" { - for_each = toset(var.paas_internet_hostnames) - hostname = each.value - domain = data.cloudfoundry_domain.internet.id -} - -data "cloudfoundry_route" "app_route_assets" { - for_each = toset(var.paas_asset_hostnames) - hostname = each.value - domain = data.cloudfoundry_domain.internet.id -} - -resource "cloudfoundry_route" "app_route_cloud" { - domain = data.cloudfoundry_domain.cloudapps.id - hostname = var.paas_app_route_name - space = data.cloudfoundry_space.space.id -} - -resource "cloudfoundry_route" "app_route_internal" { - domain = data.cloudfoundry_domain.internal.id - hostname = "${var.paas_app_route_name}-internal" - space = data.cloudfoundry_space.space.id -} - diff --git a/terraform/paas/services.tf b/terraform/paas/services.tf deleted file mode 100644 index ebf1268e2d..0000000000 --- a/terraform/paas/services.tf +++ /dev/null @@ -1,37 +0,0 @@ -data "cloudfoundry_service" "postgres" { - name = "postgres" -} - -data "cloudfoundry_user_provided_service" "logging" { - name = var.paas_logging_name - space = data.cloudfoundry_space.space.id - count = var.logging -} - -resource "cloudfoundry_service_instance" "app_postgres" { - count = length(var.paas_linked_services) == 0 ? 1 : 0 - - name = var.paas_app_database_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.postgres.service_plans[var.database_plan] - json_params = "{}" -} - -data "cloudfoundry_service_instance" "linked" { - for_each = toset(var.paas_linked_services) - name_or_id = each.value - space = data.cloudfoundry_space.space.id -} - -data "cloudfoundry_service" "redis" { - name = "redis" -} - -resource "cloudfoundry_service_instance" "app_redis" { - count = length(var.paas_linked_services) == 0 ? 1 : 0 - - name = var.paas_app_redis_name - space = data.cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.redis.service_plans[var.paas_app_redis_plan] - json_params = "{\"maxmemory_policy\": \"allkeys-lfu\" }" -} diff --git a/terraform/paas/space.tf b/terraform/paas/space.tf deleted file mode 100644 index bddf4c8f5a..0000000000 --- a/terraform/paas/space.tf +++ /dev/null @@ -1,9 +0,0 @@ -data "cloudfoundry_space" "space" { - name = var.paas_space - org_name = var.paas_org_name -} - -data "cloudfoundry_space" "monitoring" { - name = var.paas_monitoring_space - org_name = var.paas_org_name -} diff --git a/terraform/paas/statuscake.tf b/terraform/paas/statuscake.tf deleted file mode 100644 index 1b9e5ca7b8..0000000000 --- a/terraform/paas/statuscake.tf +++ /dev/null @@ -1,71 +0,0 @@ -resource "statuscake_uptime_check" "alert" { - for_each = var.alerts - - name = each.value.website_name - check_interval = each.value.check_rate - contact_groups = each.value.contact_group - confirmation = 2 - trigger_rate = 0 - regions = ["london", "dublin"] - tags = ["GIT", "BETA"] - - http_check { - follow_redirects = true - timeout = 40 - request_method = "HTTP" - status_codes = [ - "204", - "205", - "206", - "303", - "400", - "401", - "403", - "404", - "405", - "406", - "408", - "410", - "413", - "444", - "429", - "494", - "495", - "496", - "499", - "500", - "501", - "502", - "503", - "504", - "505", - "506", - "507", - "508", - "509", - "510", - "511", - "521", - "522", - "523", - "524", - "520", - "598", - "599" - ] - dynamic "basic_authentication" { - for_each = var.statuscake_enable_basic_auth ? [1] : [] - content { - username = local.infrastructure_secrets.HTTP-USERNAME - password = local.infrastructure_secrets.HTTP-PASSWORD - } - } - request_headers = { - Content-Type = "application/x-www-form-urlencoded" - } - } - - monitored_resource { - address = each.value.website_url - } -} diff --git a/terraform/paas/test.bk.vars b/terraform/paas/test.bk.vars deleted file mode 100644 index 1423b5a7b7..0000000000 --- a/terraform/paas/test.bk.vars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name="s146t01sgtfstate" -key="app.test.terraform.tfstate" -resource_group_name = "s146t01-rg-tfstate" diff --git a/terraform/paas/test.env.tfvars b/terraform/paas/test.env.tfvars deleted file mode 100644 index 07add98763..0000000000 --- a/terraform/paas/test.env.tfvars +++ /dev/null @@ -1,12 +0,0 @@ -paas_space = "get-into-teaching-test" -paas_monitoring_space = "get-into-teaching-monitoring" -paas_monitoring_app = "prometheus-prod-get-into-teaching" -paas_app_application_name = "get-into-teaching-app-test" -paas_app_route_name = "get-into-teaching-app-test" -paas_app_database_name = "get-into-teaching-app-test-pg-git-svc" -paas_app_redis_name = "get-into-teaching-app-test-redis-svc" -paas_internet_hostnames = ["staging-getintoteaching"] # The first item in the list will be used as the Application URL, routes will be created for all items. -paas_asset_hostnames = ["assets-staging-getintoteaching"] # The first item will be used as Asset Hostname, routes will be created for all items. -alerts = {} -azure_key_vault = "s146t01-kv" -azure_resource_group = "s146t01-rg" diff --git a/terraform/paas/ur.bk.vars b/terraform/paas/ur.bk.vars deleted file mode 100644 index 83142468dc..0000000000 --- a/terraform/paas/ur.bk.vars +++ /dev/null @@ -1,3 +0,0 @@ -storage_account_name = "s146t01sgtfstate" -key="app.ur.terraform.tfstate" -resource_group_name = "s146t01-rg-tfstate" diff --git a/terraform/paas/ur.env.tfvars b/terraform/paas/ur.env.tfvars deleted file mode 100644 index b3d0319c28..0000000000 --- a/terraform/paas/ur.env.tfvars +++ /dev/null @@ -1,13 +0,0 @@ -paas_space = "get-into-teaching-test" -paas_monitoring_space = "get-into-teaching-monitoring" -paas_monitoring_app = "prometheus-prod-get-into-teaching" -paas_app_database_name = "get-into-teaching-app-ur-pg-git-svc" -paas_app_redis_name = "get-into-teaching-app-ur-redis-svc" -paas_app_application_name = "get-into-teaching-app-ur" -paas_app_route_name = "get-into-teaching-app-ur" -logging = 0 -instances = 1 -basic_auth = 0 -alerts = {} -azure_key_vault = "s146t01-kv" -azure_resource_group = "s146t01-rg" diff --git a/terraform/paas/variables.tf b/terraform/paas/variables.tf deleted file mode 100644 index 81333836d8..0000000000 --- a/terraform/paas/variables.tf +++ /dev/null @@ -1,102 +0,0 @@ -# These settings are for the sandbox and should mainly be overriden by TF_VARS -# or set with environment variables TF_VAR_xxxx - -variable "api_url" { - default = "https://api.london.cloud.service.gov.uk" -} - -variable "AZURE_CREDENTIALS" { default = "{}" } -variable "azure_key_vault" {} -variable "azure_resource_group" {} - -variable "application_stopped" { - default = false -} - -variable "timeout" { - default = 180 -} - -variable "azure_vault_secret" { - default = "CONTENT-KEYS" -} - -variable "paas_monitoring_space" {} - -variable "paas_space" { - default = "sandbox" -} - -variable "paas_app_database_name" { - type = string - default = null -} -variable "paas_app_redis_name" { - type = string - default = null -} - -variable "paas_app_redis_plan" { - default = "tiny-ha-6_x" -} - -variable "database_plan" { - default = "tiny-unencrypted-13" -} - -variable "paas_monitoring_app" {} - -variable "paas_org_name" { - default = "dfe" -} - -variable "instances" { - default = 1 -} - -variable "logging" { - default = 1 -} - -variable "basic_auth" { - default = 1 -} - -variable "paas_asset_hostnames" { - default = [] -} - -variable "paas_internet_hostnames" { - default = [] -} - -variable "paas_app_route_name" {} - -variable "paas_logging_name" { - default = "logit-ssl-drain" -} - -variable "paas_linked_services" { - default = [] -} - -variable "paas_app_application_name" { - default = "dfe-teacher-services-app" -} - -variable "paas_app_docker_image" { - default = "dfedigital/get-into-teaching-frontend:latest" -} - -variable "strategy" { - default = "blue-green" -} - -variable "alerts" { - type = map(any) -} - -variable "statuscake_enable_basic_auth" { - type = bool - default = false -} diff --git a/terraform/paas/versions.tf b/terraform/paas/versions.tf deleted file mode 100644 index 6e2e172305..0000000000 --- a/terraform/paas/versions.tf +++ /dev/null @@ -1,3 +0,0 @@ -terraform { - required_version = "1.2.8" -} From 7354bf5d667aa5fcf284e05e8f62a008363518b1 Mon Sep 17 00:00:00 2001 From: RMcVelia Date: Thu, 30 Nov 2023 11:53:25 +0000 Subject: [PATCH 2/2] Update local env to use s189 kv --- Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 290248ac23..d31dfe8492 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,8 @@ DOCKER_IMAGE=get-into-teaching-app .PHONY: local local: - $(eval export KEY_VAULT=s146d01-local2-kv) - $(eval export AZURE_SUBSCRIPTION=s146-getintoteachingwebsite-development) + $(eval export KEY_VAULT=s189t01-git-local-app-kv) + $(eval export AZURE_SUBSCRIPTION=s189-teacher-services-cloud-test) .PHONY: review_aks review_aks: test-cluster @@ -73,7 +73,7 @@ install-fetch-config: || true setup-local-env: install-fetch-config set-azure-account - ./fetch_config.rb -s yaml-file:.env.development.yml -s azure-key-vault-secret:s146d01-local2-kv/${APPLICATION_SECRETS} -f shell-env-var > .env.development + ./fetch_config.rb -s yaml-file:.env.development.yml -s azure-key-vault-secret:s189t01-git-local-app-kv/${APPLICATION_SECRETS} -f shell-env-var > .env.development docker: docker build . -t ${DOCKER_IMAGE} @@ -198,11 +198,11 @@ production-cluster: get-cluster-credentials: set-azure-account az aks get-credentials --overwrite-existing -g ${CLUSTER_RESOURCE_GROUP_NAME} -n ${CLUSTER_NAME} -edit-app-secrets-aks: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv/${APPLICATION_SECRETS} -e -d azure-key-vault-secret:${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv/${APPLICATION_SECRETS} -f yaml -c +edit-local-secrets-aks: install-fetch-config set-azure-account + ./fetch_config.rb -s azure-key-vault-secret:s189t01-git-local-app-kv/${APPLICATION_SECRETS} -e -d azure-key-vault-secret:s189t01-git-local-app-kv/${APPLICATION_SECRETS} -f yaml -c -print-app-secrets-aks: install-fetch-config set-azure-account - ./fetch_config.rb -s azure-key-vault-secret:${AZURE_RESOURCE_PREFIX}-${SERVICE_SHORT}-${CONFIG_SHORT}-app-kv/${APPLICATION_SECRETS} -f yaml +print-local-secrets-aks: install-fetch-config set-azure-account + ./fetch_config.rb -s azure-key-vault-secret:s189t01-git-local-app-kv/${APPLICATION_SECRETS} -f yaml action-group-resources: set-azure-account # make env_aks action-group-resources ACTION_GROUP_EMAIL=notificationemail@domain.com . Must be run before setting enable_monitoring=true for each subscription $(if $(ACTION_GROUP_EMAIL), , $(error Please specify a notification email for the action group))