diff --git a/terraform/account/locals.tf b/terraform/account/locals.tf
index 7c24059342..d4920c23b5 100644
--- a/terraform/account/locals.tf
+++ b/terraform/account/locals.tf
@@ -1,51 +1,3 @@
-variable "pagerduty_token" {
- type = string
- description = "Token for the PagerDuty API"
-}
-
-variable "account_mapping" {
- type = map(string)
-}
-
-variable "lambda_container_version" {
- description = "The version of the lambda container to use"
- type = string
- default = "latest"
-}
-variable "accounts" {
- type = map(
- object({
- account_id = string
- shared_account_id = number
- is_production = bool
- retention_in_days = number
- pagerduty_service_name = string
- pagerduty_service_id = string
- opg_metrics = object({
- enabled = bool
- api_key_secretsmanager_name = string
- endpoint_url = string
- })
- dns_firewall = object({
- enabled = bool
- domains_allowed = list(string)
- domains_blocked = list(string)
- })
- dynamodb_cloudtrail = object({
- enabled = bool
- trail_name_suffix = string
- bucket_name_suffix = string
- })
- s3_access_log_bucket_name = string
- regions = map(
- object({
- enabled = bool
- })
- )
- })
- )
-}
-
 locals {
 account_name = lookup(var.account_mapping, terraform.workspace, "development")
 account = var.accounts[local.account_name]
diff --git a/terraform/account/variables.tf b/terraform/account/variables.tf
new file mode 100644
index 0000000000..761494ca4a
--- /dev/null
+++ b/terraform/account/variables.tf
@@ -0,0 +1,50 @@
+variable "pagerduty_token" {
+ type = string
+ description = "Token for the PagerDuty API"
+}
+
+variable "account_mapping" {
+ type = map(string)
+ description = "Mapping of account names to account names. This is used so that development can be the default account name for ephemeral environments"
+}
+
+variable "lambda_container_version" {
+ description = "The version of the lambda container to use"
+ type = string
+ default = "latest"
+}
+
+variable "accounts" {
+ type = map(
+ object({
+ account_id = string
+ shared_account_id = number
+ is_production = bool
+ retention_in_days = number
+ pagerduty_service_name = string
+ pagerduty_service_id = string
+ opg_metrics = object({
+ enabled = bool
+ api_key_secretsmanager_name = string
+ endpoint_url = string
+ })
+ dns_firewall = object({
+ enabled = bool
+ domains_allowed = list(string)
+ domains_blocked = list(string)
+ })
+ dynamodb_cloudtrail = object({
+ enabled = bool
+ trail_name_suffix = string
+ bucket_name_suffix = string
+ })
+ s3_access_log_bucket_name = string
+ regions = map(
+ object({
+ enabled = bool
+ })
+ )
+ })
+ )
+ description = "Map of account names to account details"
+}
diff --git a/terraform/environment/locals.tf b/terraform/environment/locals.tf
index d354d117fe..96a6730a6e 100644
--- a/terraform/environment/locals.tf
+++ b/terraform/environment/locals.tf
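Review bot: `pagerduty_token` holds an API credential, but the new `variable "pagerduty_token"` block declares it without `sensitive = true`, so its value is printed in plan/apply output and in anything that echoes `var.pagerduty_token`; the `pagerduty_token` block in terraform/environment/variables.tf has the same gap. Adding `sensitive = true` alongside `type = string` redacts it in CLI output (the value is still written to state, so state-backend access control remains the real protection). Separately, `shared_account_id = number` sits next to `account_id = string`; if it is an AWS account id, a leading zero would be lost by the `number` type, so `string` would be the consistent choice. The `account_mapping` description reads "Mapping of account names to account names", which looks like a slip — given `lookup(var.account_mapping, terraform.workspace, ...)` in locals.tf it is presumably workspace names to account names.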
@@ -1,122 +1,3 @@
-variable "pagerduty_token" {
- type = string
-}
-
-variable "container_version" {
- type = string
- default = "latest"
-}
-
-variable "admin_container_version" {
- type = string
- default = "latest"
-}
-
-variable "public_access_enabled" {
- type = bool
- default = false
-}
-
-output "container_version" {
- value = var.container_version
-}
-
-output "admin_container_version" {
- value = var.admin_container_version
-}
-
-output "workspace_name" {
- value = terraform.workspace
-}
-
-variable "environments" {
- type = map(
- object({
- account_id = string
- account_name = string
- autoscaling = object({
- use = object({
- minimum = number
- maximum = number
- })
- view = object({
- minimum = number
- maximum = number
- })
- api = object({
- minimum = number
- maximum = number
- })
- pdf = object({
- minimum = number
- maximum = number
- })
- })
- cookie_expires_use = number
- cookie_expires_view = number
- google_analytics_id_use = string
- google_analytics_id_view = string
- have_a_backup_plan = bool
- is_production = bool
- log_retention_in_days = number
- logging_level = number
- lpa_codes_endpoint = string
- iap_images_endpoint = string
- lpas_collection_endpoint = string
- pagerduty_service_name = string
- pagerduty_service_id = string
- session_expires_use = number
- session_expires_view = number
- session_expires_admin = number
- session_expiry_warning = number
- ship_metrics_queue_enabled = bool
- sirius_account_id = string
- load_balancer_deletion_protection_enabled = bool
- notify_key_secret_name = string
- associate_alb_with_waf_web_acl_enabled = bool
- pdf_container_version = string
- deploy_opentelemetry_sidecar = bool
- fargate_spot = bool
- application_flags = object({
- allow_gov_one_login = bool
- use_older_lpa_journey = bool
- delete_lpa_feature = bool
- allow_meris_lpas = bool
- dont_send_lpas_registered_after_sep_2019_to_cleansing_team = bool
- instructions_and_preferences = bool
- })
- dynamodb_tables = object({
- actor_codes = object({
- name = string
- })
- actor_users = object({
- name = string
- })
- viewer_codes = object({
- name = string
- })
- viewer_activity = object({
- name = string
- })
- user_lpa_actor_map = object({
- name = string
- })
- stats = object({
- name = string
- })
- }),
- regions = map(
- object({
- enabled = bool // Are we creating resources other than DynamoDB tables in this region? (e.g. ECS services, ALBs, etc.)
- name = string // The name of the region (e.g. eu-west-2)
- is_active = bool // Is this the region that is currently receiving traffic? Only one region should be active at a time.
- is_primary = bool // Is this the region where the primary DynamoDB tables are located? The primary region should not be changed once set.
- })
- )
- })
- )
-}
-
 locals {
 environment_name = lower(replace(terraform.workspace, "_", "-"))
 environment = contains(keys(var.environments), local.environment_name) ? var.environments[local.environment_name] : var.environments["default"]
diff --git a/terraform/environment/outputs.tf b/terraform/environment/outputs.tf
index 741e5b68f8..e8ab106a58 100644
--- a/terraform/environment/outputs.tf
+++ b/terraform/environment/outputs.tf
@@ -1,11 +1,29 @@
 output "admin_domain" {
- value = "https://${local.cluster_config.admin_fqdn}"
+ value = "https://${local.cluster_config.admin_fqdn}"
+ description = "The URL of the admin interface"
 }
 
 output "public_facing_use_domain" {
- value = "https://${local.cluster_config.public_facing_use_fqdn}"
+ value = "https://${local.cluster_config.public_facing_use_fqdn}"
+ description = "The URL of the public facing use interface"
 }
 
 output "public_facing_view_domain" {
- value = "https://${local.cluster_config.public_facing_view_fqdn}"
-}
\ No newline at end of file
+ value = "https://${local.cluster_config.public_facing_view_fqdn}"
+ description = "The URL of the public facing view interface"
+}
+
+output "container_version" {
+ value = var.container_version
+ description = "The tag of the container image that has been deployed"
+}
+
+output "admin_container_version" {
+ value = var.admin_container_version
+ description = "The tag of the admin container image that has been deployed"
+}
+
+output "workspace_name" {
+ value = terraform.workspace
+ description = "The name of the Terraform workspace"
+}
diff --git a/terraform/environment/variables.tf b/terraform/environment/variables.tf
new file mode 100644
index 0000000000..cf545ccfe0
--- /dev/null
+++ b/terraform/environment/variables.tf
@@ -0,0 +1,111 @@
+variable "pagerduty_token" {
+ type = string
+ description = "PagerDuty API token"
+}
+
+variable "container_version" {
+ type = string
+ default = "latest"
+ description = "The version of the ECS container images to deploy"
+}
+
+variable "admin_container_version" {
+ type = string
+ default = "latest"
+ description = "The version of the admin container image to deploy"
+}
+
+variable "public_access_enabled" {
+ type = bool
+ default = false
+ description = "Whether to enable public access from the Internet to the front end via an ALB"
+}
+
+variable "environments" {
+ type = map(
+ object({
+ account_id = string
+ account_name = string
+ autoscaling = object({
+ use = object({
+ minimum = number
+ maximum = number
+ })
+ view = object({
+ minimum = number
+ maximum = number
+ })
+ api = object({
+ minimum = number
+ maximum = number
+ })
+ pdf = object({
+ minimum = number
+ maximum = number
+ })
+ })
+ cookie_expires_use = number
+ cookie_expires_view = number
+ google_analytics_id_use = string
+ google_analytics_id_view = string
+ have_a_backup_plan = bool
+ is_production = bool
+ log_retention_in_days = number
+ logging_level = number
+ lpa_codes_endpoint = string
+ iap_images_endpoint = string
+ lpas_collection_endpoint = string
+ pagerduty_service_name = string
+ pagerduty_service_id = string
+ session_expires_use = number
+ session_expires_view = number
+ session_expires_admin = number
+ session_expiry_warning = number
+ ship_metrics_queue_enabled = bool
+ sirius_account_id = string
+ load_balancer_deletion_protection_enabled = bool
+ notify_key_secret_name = string
+ associate_alb_with_waf_web_acl_enabled = bool
+ pdf_container_version = string
+ deploy_opentelemetry_sidecar = bool
+ fargate_spot = bool
+ application_flags = object({
+ allow_gov_one_login = bool
+ use_older_lpa_journey = bool
+ delete_lpa_feature = bool
+ allow_meris_lpas = bool
+ dont_send_lpas_registered_after_sep_2019_to_cleansing_team = bool
+ instructions_and_preferences = bool
+ })
+ dynamodb_tables = object({
+ actor_codes = object({
+ name = string
+ })
+ actor_users = object({
+ name = string
+ })
+ viewer_codes = object({
+ name = string
+ })
+ viewer_activity = object({
+ name = string
+ })
+ user_lpa_actor_map = object({
+ name = string
+ })
+ stats = object({
+ name = string
+ })
+ }),
+ regions = map(
+ object({
+ enabled = bool // Are we creating resources other than DynamoDB tables in this region? (e.g. ECS services, ALBs, etc.)
+ name = string // The name of the region (e.g. eu-west-2)
+ is_active = bool // Is this the region that is currently receiving traffic? Only one region should be active at a time.
+ is_primary = bool // Is this the region where the primary DynamoDB tables are located? The primary region should not be changed once set.
+ })
+ )
+ })
+ )
+ description = "A map of environment names to environment configurations"
+}
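Review bot: The inline comments on `is_active` and `is_primary` in the `regions` object say that only one region should be active at a time and that the primary region holds the primary DynamoDB tables, but nothing in the new `variable "environments"` block enforces either, so a map with two active regions, or none, is accepted at plan time and only fails somewhere downstream. If those invariants are meant to be hard, a `validation` block on the variable can reject such input before any resource is touched; the sketch below checks for exactly one active and exactly one primary region per environment, and the error message would need to match whatever the team considers the intended rule.
```hcl
variable "environments" {
  // … unchanged: type = map(object({ … })) …
  description = "A map of environment names to environment configurations"

  validation {
    condition = alltrue([
      for env in var.environments :
      length([for r in env.regions : r if r.is_active]) == 1 &&
      length([for r in env.regions : r if r.is_primary]) == 1
    ])
    error_message = "Each environment must have exactly one region with is_active = true and exactly one with is_primary = true."
  }
}
```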