Merge pull request #8624 from ministryofjustice/date_2024_11_11

GitHub Actions Code Formatter workflow

terraform/environments/analytical-platform-ingestion/security-groups.tf

@@ -199,11 +199,11 @@ module "mojo_network_debug_security_group" {
   source  = "terraform-aws-modules/security-group/aws"
   version = "5.2.0"
 
-  name        = "mojo-network-debug"
-  vpc_id      = module.connected_vpc.vpc_id
+  name   = "mojo-network-debug"
+  vpc_id = module.connected_vpc.vpc_id
 
-  egress_cidr_blocks  = ["0.0.0.0/0"]
-  egress_rules        = ["all-all"]
+  egress_cidr_blocks = ["0.0.0.0/0"]
+  egress_rules       = ["all-all"]
 
   tags = local.tags
 }

terraform/environments/cdpt-chaps/bastion_linux.json

@@ -17,4 +17,3 @@
     }
   }
 }
-

terraform/environments/cdpt-chaps/database.tf

@@ -38,13 +38,13 @@ resource "aws_security_group" "db" {
   name        = "${local.application_name}-db-sg"
   description = "Allow DB inbound traffic"
   vpc_id      = data.aws_vpc.shared.id
-  
+
   ingress {
-    from_port       = 1433
-    to_port         = 1433
-    protocol        = "tcp"
+    from_port = 1433
+    to_port   = 1433
+    protocol  = "tcp"
     security_groups = [
-      aws_security_group.ecs_service.id, 
+      aws_security_group.ecs_service.id,
       aws_security_group.chapsdotnet_service.id
     ]
   }

terraform/environments/cdpt-chaps/ecs.tf

@@ -77,13 +77,13 @@ resource "aws_ecs_task_definition" "chaps_task_definition" {
   network_mode             = "awsvpc"
   execution_role_arn       = aws_iam_role.app_execution.arn
   task_role_arn            = aws_iam_role.app_task.arn
-  container_definitions    = jsonencode([
+  container_definitions = jsonencode([
     {
-      name         = "chaps-container"
-      image        = "${local.ecr_url}:chaps-${local.application_data.accounts[local.environment].environment_name}"
-      cpu          = 1024
-      memory       = 2048
-      essential    = true
+      name      = "chaps-container"
+      image     = "${local.ecr_url}:chaps-${local.application_data.accounts[local.environment].environment_name}"
+      cpu       = 1024
+      memory    = 2048
+      essential = true
       portMappings = [
         {
           containerPort = local.application_data.accounts[local.environment].container_port
@@ -92,7 +92,7 @@ resource "aws_ecs_task_definition" "chaps_task_definition" {
       ]
       logConfiguration = {
         logDriver = "awslogs",
-        options   = {
+        options = {
           awslogs-group         = aws_cloudwatch_log_group.chaps_cloudwatch_group.name,
           awslogs-region        = "eu-west-2",
           awslogs-stream-prefix = "chaps"
@@ -131,19 +131,19 @@ resource "aws_ecs_task_definition" "chaps_task_definition" {
 }
 
 resource "aws_ecs_task_definition" "chapsdotnet_task" {
-  count = local.application_data.accounts[local.environment].create_chapsdotnet ? 1 : 0
+  count                    = local.application_data.accounts[local.environment].create_chapsdotnet ? 1 : 0
   family                   = "chapsdotnet-family"
   requires_compatibilities = ["EC2"]
   network_mode             = "awsvpc"
   execution_role_arn       = aws_iam_role.app_execution.arn
   task_role_arn            = aws_iam_role.app_task.arn
-  container_definitions    = jsonencode([
+  container_definitions = jsonencode([
     {
-      name         = "chapsdotnet-container"
-      image        = "${local.ecr_url}:chapsdotnet-${local.application_data.accounts[local.environment].environment_name}"
-      cpu          = 1024
-      memory       = 2048
-      essential    = true
+      name      = "chapsdotnet-container"
+      image     = "${local.ecr_url}:chapsdotnet-${local.application_data.accounts[local.environment].environment_name}"
+      cpu       = 1024
+      memory    = 2048
+      essential = true
       portMappings = [
         {
           containerPort = 8080
@@ -166,11 +166,11 @@ resource "aws_ecs_task_definition" "chapsdotnet_task" {
           value = "https://login.microsoftonline.com/"
         },
         {
-          name = "TenantId"
+          name  = "TenantId"
           value = "${local.application_data.accounts[local.environment].TenantId}"
         },
         {
-          name = "CallbackPath"
+          name  = "CallbackPath"
           value = "/signin-oidc"
         },
         {
@@ -203,7 +203,7 @@ resource "aws_ecs_task_definition" "chapsdotnet_task" {
     }
   ])
 }
-  
+
 
 resource "aws_key_pair" "ec2-user" {
   key_name   = "${local.application_name}-ec2"
@@ -268,7 +268,7 @@ resource "aws_ecs_service" "chapsdotnet_service" {
   force_new_deployment              = true
 
   deployment_minimum_healthy_percent = 50
-  deployment_maximum_percent         = 200  
+  deployment_maximum_percent         = 200
 
   capacity_provider_strategy {
     capacity_provider = aws_ecs_capacity_provider.chaps.name
@@ -605,10 +605,10 @@ resource "aws_security_group" "ecs_service" {
   }
 
   ingress {
-    description     = "Allow HTTP traffic from chapsdotnet container"
-    from_port       = 80
-    to_port         = 80
-    protocol        = "tcp"
+    description = "Allow HTTP traffic from chapsdotnet container"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
     cidr_blocks = [data.aws_vpc.shared.cidr_block]
   }
 
@@ -624,7 +624,7 @@ resource "aws_security_group" "ecs_service" {
 resource "aws_security_group" "chapsdotnet_service" {
   name_prefix = "chapsdotnet-service-sg-"
   description = "Allow traffic for chapsdotnet service"
-  vpc_id = data.aws_vpc.shared.id
+  vpc_id      = data.aws_vpc.shared.id
 
   ingress {
     from_port       = 8080
@@ -641,7 +641,7 @@ resource "aws_security_group" "chapsdotnet_service" {
   }
 
   tags = merge(
-    local.tags, 
+    local.tags,
     {
       Name = "chapsdotnet-service-sg"
     }

terraform/environments/cdpt-chaps/loadbalancer.tf

@@ -22,30 +22,30 @@ resource "random_string" "chaps_target_group_name" {
   special = false
 }
 
-  resource "aws_lb_target_group" "chapsdotnet_target_group" {
-    name_prefix = "dotnet"
-    port = 8080
-    protocol = "HTTP"
-    vpc_id = data.aws_vpc.shared.id 
-    target_type = "ip"
-    deregistration_delay = 30
-
-    stickiness {
-      type = "lb_cookie"
-    }
-
-    health_check {
-      path                = "/health"
-      port                = "8080"
-      healthy_threshold   = "5"
-      interval            = "30"
-      protocol            = "HTTP"
-      unhealthy_threshold = "2"
-      matcher             = "200-499"
-      timeout             = "5"
-    }
-
-    lifecycle {
+resource "aws_lb_target_group" "chapsdotnet_target_group" {
+  name_prefix          = "dotnet"
+  port                 = 8080
+  protocol             = "HTTP"
+  vpc_id               = data.aws_vpc.shared.id
+  target_type          = "ip"
+  deregistration_delay = 30
+
+  stickiness {
+    type = "lb_cookie"
+  }
+
+  health_check {
+    path                = "/health"
+    port                = "8080"
+    healthy_threshold   = "5"
+    interval            = "30"
+    protocol            = "HTTP"
+    unhealthy_threshold = "2"
+    matcher             = "200-499"
+    timeout             = "5"
+  }
+
+  lifecycle {
     create_before_destroy = true
     ignore_changes        = [name]
   }

terraform/environments/cdpt-chaps/outputs.tf

@@ -3,7 +3,7 @@ output "chaps_task_definition" {
 }
 
 output "chapsdotnet_task_definition" {
-  value = length(aws_ecs_task_definition.chapsdotnet_task) > 0 ? aws_ecs_task_definition.chapsdotnet_task[0].arn : null
+  value       = length(aws_ecs_task_definition.chapsdotnet_task) > 0 ? aws_ecs_task_definition.chapsdotnet_task[0].arn : null
   description = "The ARN of the chapsdotnet task definition, if it exists."
 }
 

terraform/environments/digital-prison-reporting/cloudtrail.tf

@@ -11,8 +11,8 @@ resource "aws_cloudtrail" "trail" {
   s3_bucket_name                = module.s3_audit_logging_bucket.bucket_id
   s3_key_prefix                 = "cloud_trail"
   include_global_service_events = true
-  enable_log_file_validation = true
-  kms_key_id = var.kms_id
+  enable_log_file_validation    = true
+  kms_key_id                    = var.kms_id
 
   event_selector {
     read_write_type           = "All"

terraform/environments/electronic-monitoring-data/application_variables.json

@@ -15,9 +15,7 @@
           "resource_shares": [
             {
               "glue_database": "dms_data_validation",
-              "glue_tables": [
-                "*"
-              ]
+              "glue_tables": ["*"]
             }
           ]
         }
@@ -33,15 +31,11 @@
           "target_account_id": "593291632749",
           "assume_account_name": "analytical-platform-management-production",
           "assume_account_id": "042130406152",
-          "data_locations": [
-            "emds-test-bucket-name"
-          ],
+          "data_locations": ["emds-test-bucket-name"],
           "resource_shares": [
             {
               "glue_database": "test_db_name",
-              "glue_tables": [
-                "*"
-              ]
+              "glue_tables": ["*"]
             }
           ]
         }
@@ -62,20 +56,16 @@
           "target_account_id": "593291632749",
           "assume_account_name": "analytical-platform-management-production",
           "assume_account_id": "042130406152",
-          "data_locations": [
-            "emds-prod-bucket-name"
-          ],
+          "data_locations": ["emds-prod-bucket-name"],
           "resource_shares": [
             {
               "glue_database": "capita_alcohol_monitoring",
-              "glue_tables": [
-                "*"
-              ]
+              "glue_tables": ["*"]
             }
           ]
         }
       ],
       "enable_airflow_secret": true
     }
   }
-}
+}

terraform/environments/electronic-monitoring-data/dms_data_validation_glue_job.tf

@@ -372,7 +372,7 @@ resource "aws_cloudwatch_log_group" "dms_dv_cw_log_group" {
 
 resource "aws_glue_job" "catalog_dv_table_glue_job" {
   count = local.gluejob_count
-  
+
   name              = "catalog-dv-table-glue-job"
   description       = "Python script uses Boto3-Athena-Client to run sql-statements"
   role_arn          = aws_iam_role.dms_dv_glue_job_iam_role.arn

terraform/environments/electronic-monitoring-data/dms_data_validation_glue_job_v2.tf

@@ -318,7 +318,7 @@ resource "aws_s3_object" "parquet_resize_or_partitionby_yyyy_mm_dd" {
 
 resource "aws_glue_job" "parquet_resize_or_partitionby_yyyy_mm_dd" {
   count = local.gluejob_count
-  
+
   name              = "parquet-resize-or-partitionby-yyyy-mm-dd"
   description       = "Table migration & validation Glue-Job (PySpark)."
   role_arn          = aws_iam_role.glue_mig_and_val_iam_role.arn

terraform/environments/electronic-monitoring-data/glue_locals.tf

@@ -1,3 +1,3 @@
 locals {
-    gluejob_count = local.is-production || local.is-development ? 1 : 0
+  gluejob_count = local.is-production || local.is-development ? 1 : 0
 }

terraform/environments/electronic-monitoring-data/modules/export_bucket_presigned_url/main.tf

@@ -72,7 +72,7 @@ module "this-bucket" {
         }
       ]
     }
-  ] : [    
+    ] : [
     {
       sid     = "AllowedIPs"
       effect  = "Deny"

terraform/environments/electronic-monitoring-data/platform_locals.tf

@@ -22,7 +22,7 @@ locals {
     { "source-code" = "https://github.com/ministryofjustice/modernisation-platform-environments" }
   )
 
-  environment     = trimprefix(terraform.workspace, "${var.networking[0].application}-")
+  environment = trimprefix(terraform.workspace, "${var.networking[0].application}-")
   environment_map = {
     "production"    = "prod"
     "preproduction" = "preprod"

terraform/environments/electronic-monitoring-data/s3.tf

@@ -656,11 +656,11 @@ module "s3-p1-export-bucket" {
 module "s3-serco-export-bucket" {
   source = "./modules/export_bucket_presigned_url/"
 
-  allowed_ips             = null
-  export_destination      = "serco-historic"
-  local_bucket_prefix     = local.bucket_prefix
-  local_tags              = local.tags
-  logging_bucket          = module.s3-logging-bucket
+  allowed_ips         = null
+  export_destination  = "serco-historic"
+  local_bucket_prefix = local.bucket_prefix
+  local_tags          = local.tags
+  logging_bucket      = module.s3-logging-bucket
 
   providers = {
     aws = aws

terraform/environments/ppud/alb_external.tf

@@ -83,8 +83,8 @@ resource "aws_lb_target_group_attachment" "PPUD-PORTAL-1" {
 
 # WAM Internet Facing ALB
 
-  #tfsec:ignore:AWS0053 "The load balancer is internet facing by design."
-  #tfsec:ignore:AVD-AWS-0053
+#tfsec:ignore:AWS0053 "The load balancer is internet facing by design."
+#tfsec:ignore:AVD-AWS-0053
 resource "aws_lb" "WAM-ALB" {
   # checkov:skip=CKV2_AWS_28: "ALB is already protected by WAF"
   # checkov:skip=CKV_AWS_152: "ALB target groups only have 2 targets so cross zone load balancing is not required"

terraform/environments/ppud/certificate_mgmt.tf

@@ -103,7 +103,7 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_uat" {
   timeout                        = 30
   reserved_concurrent_executions = 5
   code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-preproduction"]}:code-signing-config:csc-0db408c5170a8eba6"
-  depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
+  depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
   environment {
     variables = {
       EXPIRY_DAYS   = "45",
@@ -181,7 +181,7 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_prod" {
   timeout                        = 30
   reserved_concurrent_executions = 5
   code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-production"]}:code-signing-config:csc-0bafee04a642a41c1"
-  depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
+  depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
   environment {
     variables = {
       EXPIRY_DAYS   = "45",