Merge pull request #6497 from ministryofjustice/date_2024_06_10
GitHub Actions Code Formatter workflow
ASTRobinson authored Jun 10, 2024
2 parents 13ce277 + 67cee06 commit 9273feb
Showing 72 changed files with 1,187 additions and 1,199 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer-lock.json
Expand Up @@ -21,4 +21,4 @@
"integrity": "sha256:af3b3891cf31ff373df29998c690257d6f21f2ee4536bc4d692856408ef0c83a"
}
}
}
}
4 changes: 2 additions & 2 deletions terraform/environments/apex/backups.tf
Expand Up @@ -17,7 +17,7 @@ resource "aws_backup_vault" "apex" {

data "aws_iam_policy_document" "apex" {
statement {
sid = "Allow local account basic permissions to the vault"
sid = "Allow local account basic permissions to the vault"
effect = "Allow"

principals {
Expand All @@ -39,7 +39,7 @@ data "aws_iam_policy_document" "apex" {
resources = [aws_backup_vault.apex.arn]
}
statement {
sid = "Allow copying of recovery points from Landing Zone"
sid = "Allow copying of recovery points from Landing Zone"
effect = "Allow"

principals {
12 changes: 6 additions & 6 deletions terraform/environments/apex/cloudfront.tf
@@ -1,10 +1,10 @@
locals {
lower_env_cloudfront_url = "${local.application_name}.${data.aws_route53_zone.external.name}"
# TODO: The production CloudFront FQDN is to be determined
prod_fqdn = data.aws_route53_zone.production_network_services.name
prod_fqdn = data.aws_route53_zone.production_network_services.name
cloudfront_alias = local.environment == "production" ? local.prod_fqdn : local.lower_env_cloudfront_url
custom_header = "X-Custom-Header-LAA-${upper(local.application_name)}"

custom_header = "X-Custom-Header-LAA-${upper(local.application_name)}"

cloudfront_default_cache_behavior = {
smooth_streaming = false
Expand Down Expand Up @@ -123,7 +123,7 @@ resource "aws_s3_bucket" "cloudfront" {
resource "aws_s3_bucket_ownership_controls" "cloudfront" {
bucket = aws_s3_bucket.cloudfront.id
rule {
object_ownership = local.environment == "production" ? "ObjectWriter": "BucketOwnerPreferred"
object_ownership = local.environment == "production" ? "ObjectWriter" : "BucketOwnerPreferred"
}
}

Expand Down Expand Up @@ -154,7 +154,7 @@ resource "aws_s3_bucket_public_access_block" "cloudfront" {
}

resource "aws_s3_bucket_lifecycle_configuration" "cloudfront" {
count = local.environment == "production" ? 1 : 0
count = local.environment == "production" ? 1 : 0
bucket = aws_s3_bucket.cloudfront.id

rule {
Expand All @@ -166,7 +166,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "cloudfront" {

noncurrent_version_expiration {
newer_noncurrent_versions = 1
noncurrent_days = 90
noncurrent_days = 90
}

status = "Enabled"
28 changes: 14 additions & 14 deletions terraform/environments/apex/ec2.tf
Expand Up @@ -93,12 +93,12 @@ resource "aws_vpc_security_group_ingress_rule" "db_ecs" {
}

resource "aws_vpc_security_group_ingress_rule" "db_mp_vpc" {
security_group_id = aws_security_group.database.id
description = "Allow MP VPC (OAS) to access database instance"
cidr_ipv4 = data.aws_vpc.shared.cidr_block
from_port = 1521
ip_protocol = "tcp"
to_port = 1521
security_group_id = aws_security_group.database.id
description = "Allow MP VPC (OAS) to access database instance"
cidr_ipv4 = data.aws_vpc.shared.cidr_block
from_port = 1521
ip_protocol = "tcp"
to_port = 1521
}

resource "aws_vpc_security_group_ingress_rule" "db_lambda" {
Expand All @@ -111,18 +111,18 @@ resource "aws_vpc_security_group_ingress_rule" "db_lambda" {
}

resource "aws_vpc_security_group_ingress_rule" "db_workspace" {
security_group_id = aws_security_group.database.id
description = "Database listener port access to Workspaces"
cidr_ipv4 = local.application_data.accounts[local.environment].workspace_cidr
from_port = 1521
ip_protocol = "tcp"
to_port = 1521
security_group_id = aws_security_group.database.id
description = "Database listener port access to Workspaces"
cidr_ipv4 = local.application_data.accounts[local.environment].workspace_cidr
from_port = 1521
ip_protocol = "tcp"
to_port = 1521
}

resource "aws_vpc_security_group_egress_rule" "db_outbound" {
security_group_id = aws_security_group.database.id
cidr_ipv4 = "0.0.0.0/0"
ip_protocol = "-1"
cidr_ipv4 = "0.0.0.0/0"
ip_protocol = "-1"
}


2 changes: 1 addition & 1 deletion terraform/environments/apex/efs.tf
@@ -1,7 +1,7 @@
resource "aws_kms_key" "efs" {
description = "KMS key for encrypting EFS"
# enable_key_rotation = true
tags = local.tags
tags = local.tags
}

resource "aws_kms_key_policy" "efs" {
4 changes: 2 additions & 2 deletions terraform/environments/apex/event_triggers.tf
Expand Up @@ -42,6 +42,6 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_fri" {
}

resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" {
rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name
arn = aws_lambda_function.delete_db_snapshots.arn
rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name
arn = aws_lambda_function.delete_db_snapshots.arn
}
22 changes: 11 additions & 11 deletions terraform/environments/apex/lambda.tf
@@ -1,7 +1,7 @@
locals {
create_db_snapshots_script_prefix = "dbsnapshot"
delete_db_snapshots_script_prefix = "deletesnapshots"
db_connect_script_prefix = "dbconnect"
db_connect_script_prefix = "dbconnect"
}

resource "aws_ssm_parameter" "ssh_key" {
Expand Down Expand Up @@ -48,8 +48,8 @@ resource "aws_iam_role" "backup_lambda" {
}

resource "aws_iam_policy" "backup_lambda" { #tfsec:ignore:aws-iam-no-policy-wildcards
name = "${local.application_name}-${local.environment}-backup-lambda-policy"
tags = merge(
name = "${local.application_name}-${local.environment}-backup-lambda-policy"
tags = merge(
local.tags,
{ Name = "${local.application_name}-${local.environment}-backup-lambda-policy" }
)
Expand Down Expand Up @@ -100,7 +100,7 @@ resource "aws_iam_role_policy_attachment" "backup_lambda" {

resource "aws_s3_bucket" "backup_lambda" {
bucket = "${local.application_name}-${local.environment}-backup-lambda"
tags = merge(
tags = merge(
local.tags,
{ Name = "${local.application_name}-${local.environment}-backup-lambda" }
)
Expand All @@ -110,7 +110,7 @@ resource "aws_s3_object" "provision_files" {
bucket = aws_s3_bucket.backup_lambda.id
for_each = fileset("./zipfiles/", "**")
key = each.value
source = "./zipfiles/${each.value}"
source = "./zipfiles/${each.value}"
content_type = "application/zip"
source_hash = filemd5("./zipfiles/${each.value}")
}
Expand Down Expand Up @@ -201,15 +201,15 @@ resource "aws_security_group" "backup_lambda" {
}

resource "aws_lambda_layer_version" "backup_lambda" {
layer_name = "SSHNodeJSLayer"
description = "A layer to add ssh libs to lambda"
license_info = "Apache-2.0"
s3_bucket = aws_s3_bucket.backup_lambda.id
s3_key = "nodejs.zip"
layer_name = "SSHNodeJSLayer"
description = "A layer to add ssh libs to lambda"
license_info = "Apache-2.0"
s3_bucket = aws_s3_bucket.backup_lambda.id
s3_key = "nodejs.zip"
source_code_hash = filebase64sha256("zipfiles/nodejs.zip")

compatible_runtimes = ["nodejs18.x"]
depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket
depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket
}

resource "aws_lambda_function" "create_db_snapshots" {
2 changes: 1 addition & 1 deletion terraform/environments/apex/locals.tf
Expand Up @@ -2,7 +2,7 @@
locals {

database_ec2_name = "${local.application_name} Database Server"

#Lambda files
dbsnapshot_source_file = "dbsnapshot.js"
deletesnapshot_source_file = "deletesnapshots.py"
8 changes: 4 additions & 4 deletions terraform/environments/apex/modules/alb/main.tf
Expand Up @@ -3,10 +3,10 @@ locals {

loadbalancer_ingress_rules = {
"lb_ingress" = {
description = "Loadbalancer ingress rule from CloudFront"
from_port = var.security_group_ingress_from_port
to_port = var.security_group_ingress_to_port
protocol = var.security_group_ingress_protocol
description = "Loadbalancer ingress rule from CloudFront"
from_port = var.security_group_ingress_from_port
to_port = var.security_group_ingress_to_port
protocol = var.security_group_ingress_protocol
prefix_list_ids = [data.aws_ec2_managed_prefix_list.cloudfront.id]
}
}
10 changes: 5 additions & 5 deletions terraform/environments/apex/modules/ecs/main.tf
Expand Up @@ -20,11 +20,11 @@ data "aws_subnets" "shared-private" {
}

resource "aws_autoscaling_group" "cluster-scaling-group" {
vpc_zone_identifier = sort(data.aws_subnets.shared-private.ids)
name = "${var.app_name}-cluster-scaling-group"
desired_capacity = var.ec2_desired_capacity
max_size = var.ec2_max_size
min_size = var.ec2_min_size
vpc_zone_identifier = sort(data.aws_subnets.shared-private.ids)
name = "${var.app_name}-cluster-scaling-group"
desired_capacity = var.ec2_desired_capacity
max_size = var.ec2_max_size
min_size = var.ec2_min_size
# protect_from_scale_in = true

launch_template {
4 changes: 2 additions & 2 deletions terraform/environments/ccms-ebs-upgrade/sns.tf
@@ -1,7 +1,7 @@
#### Secret for support email address ###
resource "aws_secretsmanager_secret" "support_email_account" {
name = "support_email_account"
description = "email address of the support account for cw alerts"
name = "support_email_account"
description = "email address of the support account for cw alerts"
recovery_window_in_days = local.is-production ? 30 : 0
}

Expand Up @@ -32,7 +32,7 @@
"ec2_max_size": 3,
"ec2_min_size": 2,
"ami_image_id": "ami-0cf98f96c2bae561e",
"instance_type": "t3.large",
"instance_type": "t3.large",
"container_port": 80,
"client_id": "2e2cc8ad-7b64-41b9-93a1-c16b9a00b34f"
},
10 changes: 5 additions & 5 deletions terraform/environments/cdpt-chaps/ecs.tf
Expand Up @@ -250,11 +250,11 @@ resource "aws_security_group" "cluster_ec2" {
}

egress {
description = "Cluster EC2 loadbalancer egress rule"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
description = "Cluster EC2 loadbalancer egress rule"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}

tags = merge(
22 changes: 11 additions & 11 deletions terraform/environments/cdpt-chaps/loadbalancer.tf
Expand Up @@ -89,7 +89,7 @@ module "lb_access_logs_enabled" {
region = "eu-west-2"
enable_deletion_protection = false
idle_timeout = 60
tags = { Name = "lb_module" }
tags = { Name = "lb_module" }

}

Expand All @@ -107,8 +107,8 @@ resource "aws_lb_target_group" "chaps_target_group" {
deregistration_delay = 30

stickiness {
type = "lb_cookie"
}
type = "lb_cookie"
}

health_check {
healthy_threshold = "5"
Expand All @@ -119,12 +119,12 @@ resource "aws_lb_target_group" "chaps_target_group" {
timeout = "5"
}

lifecycle {
lifecycle {
create_before_destroy = true
ignore_changes = [name]
ignore_changes = [name]
}

tags = {
tags = {
Name = "chaps-target-group-${random_string.chaps_target_group_name.result}"
}
}
Expand All @@ -142,7 +142,7 @@ resource "aws_security_group" "chaps_lb_sc" {
cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"]
}

egress {
egress {
description = "Open all outbound ports"
from_port = 0
to_port = 0
Expand All @@ -157,10 +157,10 @@ resource "aws_security_group" "chaps_target_sc" {
vpc_id = data.aws_vpc.shared.id

ingress {
description = "allow traffic from load balancer"
from_port = 80
to_port = 80
protocol = "tcp"
description = "allow traffic from load balancer"
from_port = 80
to_port = 80
protocol = "tcp"
security_groups = [module.lb_access_logs_enabled.security_group.id]
}

30 changes: 15 additions & 15 deletions terraform/environments/cdpt-chaps/locals.tf
Expand Up @@ -19,25 +19,25 @@ locals {
cluster_name = "${local.application_name}-ecs-cluster"
}))

loadbalancer_ingress_rules = {
"cluster_ec2_lb_ingress" = {
description = "allow access on HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"]
security_groups = []
loadbalancer_ingress_rules = {
"cluster_ec2_lb_ingress" = {
description = "allow access on HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"]
security_groups = []
}
}
}

loadbalancer_egress_rules = {
"cluster_ec2_lb_egress" = {
description = "Open all outbound ports"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_groups = []
description = "Open all outbound ports"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_groups = []
}
}
}