From 6258e442e7a873615feee101e5dc800676ce613d Mon Sep 17 00:00:00 2001
From: TomJKing
Date: Fri, 29 Nov 2024 09:41:06 +0000
Subject: [PATCH 1/4] Change Keycloak host name format
---
 da-terraform-configurations | 2 +-
 da-terraform-modules | 2 +-
 root_keycloak.tf | 8 ++++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/da-terraform-configurations b/da-terraform-configurations
index 0a9b6a2..1f027d2 160000
--- a/da-terraform-configurations
+++ b/da-terraform-configurations
@@ -1 +1 @@
-Subproject commit 0a9b6a2a6726d6605015b0419cc2c6562731c04a
+Subproject commit 1f027d2bd6e65606469faaf2ce01c49f0cef2d90
diff --git a/da-terraform-modules b/da-terraform-modules
index 96fc86a..22e0f0c 160000
--- a/da-terraform-modules
+++ b/da-terraform-modules
@@ -1 +1 @@
-Subproject commit 96fc86ac897ec84a54989df527300c4db3c94a6d
+Subproject commit 22e0f0c6c86885a1b0864ec6a50e852bcb68bdaf
diff --git a/root_keycloak.tf b/root_keycloak.tf
index b003a2e..d2c346f 100644
--- a/root_keycloak.tf
+++ b/root_keycloak.tf
@@ -1,3 +1,7 @@
+locals {
+ app_port = 8080
+}
+
 module "keycloak_cloudwatch" {
 source = "./tdr-terraform-modules/cloudwatch_logs"
 common_tags = local.common_tags
@@ -104,7 +108,7 @@ module "tdr_keycloak_ecs" {
 common_tags = local.common_tags
 container_definition = templatefile("${path.module}/templates/ecs_tasks/keycloak.json.tpl", {
 app_image = "${local.ecr_account_number}.dkr.ecr.eu-west-2.amazonaws.com/auth-server:${local.environment}"
- app_port = 8080
+ app_port = local.app_port
 app_environment = local.environment
 aws_region = local.region
 url_path = local.keycloak_db_url
@@ -122,7 +126,7 @@ module "tdr_keycloak_ecs" {
 reporting_client_secret_path = local.keycloak_reporting_client_secret_name
 rotate_client_secrets_client_path = local.keycloak_rotate_secrets_client_secret_name
 sns_topic_arn = module.notifications_topic.sns_arn
- keycloak_host = "auth.${local.environment_domain}"
+ keycloak_host = "https://auth.${local.environment_domain}:${local.app_port}"
 block_shared_pages = local.block_shared_keycloak_pages
 })
 container_name = "keycloak"
From 26b90643a7ccabaf329c8fb8d009dc5d63f60c2f Mon Sep 17 00:00:00 2001
From: TomJKing
Date: Fri, 29 Nov 2024 09:46:07 +0000
Subject: [PATCH 2/4] Run 'terraform fmt'
---
 root_keycloak.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/root_keycloak.tf b/root_keycloak.tf
index d2c346f..5692e2b 100644
--- a/root_keycloak.tf
+++ b/root_keycloak.tf
@@ -1,5 +1,5 @@
 locals {
- app_port = 8080
+ app_port = 8080
 }

 module "keycloak_cloudwatch" {
From 6c717170a44ab5cb04cf80292bfcf07abcdad6a9 Mon Sep 17 00:00:00 2001
From: TomJKing
Date: Mon, 2 Dec 2024 14:07:12 +0000
Subject: [PATCH 3/4] Resource updates to support Keycloak upgrade
---
 root_keycloak.tf | 12 +++++-------
 tdr-terraform-modules | 2 +-
 templates/ecs_tasks/keycloak.json.tpl | 4 ++++
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/root_keycloak.tf b/root_keycloak.tf
index 558aff5..ad0eb36 100644
--- a/root_keycloak.tf
+++ b/root_keycloak.tf
@@ -1,7 +1,3 @@
-locals {
- app_port = 8080
-}
-
 module "keycloak_cloudwatch" {
 source = "./tdr-terraform-modules/cloudwatch_logs"
 common_tags = local.common_tags
@@ -71,7 +67,8 @@ module "keycloak_ecs_security_group" {
 vpc_id = module.shared_vpc.vpc_id
 common_tags = local.common_tags
 ingress_security_group_rules = [
- { port = 8080, security_group_id = module.keycloak_alb_security_group.security_group_id, description = "Allow the load balancer to access the task" }
+ { port = 8080, security_group_id = module.keycloak_alb_security_group.security_group_id, description = "Allow the load balancer to access the task" },
+ { port = 9000, security_group_id = module.keycloak_alb_security_group.security_group_id, description = "Allow the load balancer to access the task health endpoints" }
 ]
 egress_cidr_rules = [{ port = 0, cidr_blocks = ["0.0.0.0/0"], description = "Allow outbound access on all ports", protocol = "-1" }]
 }
@@ -108,7 +105,7 @@ module "tdr_keycloak_ecs" {
 common_tags = local.common_tags
 container_definition = templatefile("${path.module}/templates/ecs_tasks/keycloak.json.tpl", {
 app_image = "${local.ecr_account_number}.dkr.ecr.eu-west-2.amazonaws.com/auth-server:${local.environment}"
- app_port = local.app_port
+ app_port = 8080
 app_environment = local.environment
 aws_region = local.region
 url_path = local.keycloak_db_url
@@ -126,7 +123,7 @@ module "tdr_keycloak_ecs" {
 reporting_client_secret_path = local.keycloak_reporting_client_secret_name
 rotate_client_secrets_client_path = local.keycloak_rotate_secrets_client_secret_name
 sns_topic_arn = module.notifications_topic.sns_arn
- keycloak_host = "https://auth.${local.environment_domain}:${local.app_port}"
+ keycloak_host = "auth.${local.environment_domain}"
 block_shared_pages = local.block_shared_keycloak_pages
 })
 container_name = "keycloak"
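Review bot: In patch 3/4, the new port 9000 rule in `ingress_security_group_rules` of `keycloak_ecs_security_group` opens what looks like Keycloak's management interface, which serves more than health checks: metrics are exposed on the same port when they are enabled in the image. Limiting the source to the ALB security group is the right scope, but the rule is only safe while no ALB listener or target group forwards client traffic to 9000, and that cannot be confirmed here because the listener configuration lives in the bumped `tdr-terraform-modules` submodule. I would make the intent explicit in the rule, for example `description = "ALB health checks only: Keycloak management port, must not be a listener target"`, and confirm that metrics are either disabled or not reachable through the load balancer. The literal 9000 is repeated in the `health_check_port` hunk and in the `keycloak.json.tpl` port mapping, so the three values have to be kept in step by hand; a drift would either fail the health check or leave a stale opening in this security group.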
@@ -150,6 +147,7 @@ module "keycloak_tdr_alb" {
 alb_log_bucket = module.alb_logs_s3.s3_bucket_id
 alb_security_group_id = module.keycloak_alb_security_group.security_group_id
 alb_target_group_port = 8080
+ health_check_port = 9000
 alb_target_type = "ip"
 certificate_arn = module.keycloak_certificate.certificate_arn
 health_check_matcher = "200,303"
diff --git a/tdr-terraform-modules b/tdr-terraform-modules
index a682bfd..b43f00f 160000
--- a/tdr-terraform-modules
+++ b/tdr-terraform-modules
@@ -1 +1 @@
-Subproject commit a682bfda4e979ee91c1802bddfe06386140cf698
+Subproject commit b43f00f89277fe58d6979b9d1695c5864dbd0afd
diff --git a/templates/ecs_tasks/keycloak.json.tpl b/templates/ecs_tasks/keycloak.json.tpl
index ea7a883..c306fbb 100644
--- a/templates/ecs_tasks/keycloak.json.tpl
+++ b/templates/ecs_tasks/keycloak.json.tpl
@@ -109,6 +109,10 @@
 {
 "containerPort": 8080,
 "hostPort": 8080
+ },
+ {
+ "containerPort": 9000,
+ "hostPort": 9000
 }
 ]
 }
From f89b2b99e3cf3aa3a4981cc48f892fae57038c34 Mon Sep 17 00:00:00 2001
From: TomJKing
Date: Mon, 2 Dec 2024 14:44:22 +0000
Subject: [PATCH 4/4] Update sub-module hash
---
 tdr-terraform-modules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tdr-terraform-modules b/tdr-terraform-modules
index b43f00f..8ed556e 160000
--- a/tdr-terraform-modules
+++ b/tdr-terraform-modules
@@ -1 +1 @@
-Subproject commit b43f00f89277fe58d6979b9d1695c5864dbd0afd
+Subproject commit 8ed556e7167447f837566b4ae8d7a307807d2425
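Review bot: In the `keycloak_tdr_alb` hunk of patch 3/4, `health_check_matcher = "200,303"` is left unchanged while the check moves to port 9000, so a redirect answered on the new port would still count as healthy. The health check path is not visible in this hunk; if it points at one of Keycloak's health endpoints such as `/health/ready`, a 303 is not an expected healthy answer there and the wide matcher could hide a misrouted or failing check. I would tighten it to `health_check_matcher = "200"` once the path is confirmed. The module block starts and ends outside the hunk.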