chore: setup staging GOV_UK_PAY_TOKEN_GLOUCESTER #2706
Conversation
|
Removed vultr server and associated DNS entries |
- This will allow the credentials for Medway and Gloucester to be read on staging and production - As there won't be credentials on prod this will break
… environment - Add optional key of stagingOnly - Add guard clause in generateSecrets to skip Medway and Gloucester secret generation in production
| @@ -25,6 +25,7 @@ export const generateTeamSecrets = ( | |||
| ): awsx.ecs.KeyValuePair[] => { | |||
| const secrets: awsx.ecs.KeyValuePair[] = []; | |||
| teams.forEach((team) => { | |||
| if (env === "production" && team?.stagingOnly) return; | |||
There was a problem hiding this comment.
Comment:
I think this is a simple change and should work although I guess we can't test it until it's on staging/prod?
infrastructure/common/teams.ts
Outdated
| @@ -14,6 +14,7 @@ interface Team { | |||
| name: string; | |||
| // Must match "name" in the Digital Land dataset "local-authority-district" (https://www.planning.data.gov.uk/dataset/local-authority-district) | |||
| uniformInstances?: string[]; | |||
| stagingOnly?: boolean; | |||
There was a problem hiding this comment.
nit: To be totally explicit here we should link this to GovPay, e.g. govPayStagingOnly
There was a problem hiding this comment.
I did consider this although I think as it's at a top level it would skip all secret generation on prod? Although we're only using it at the pay level it's not specific to gov pay?
I'm happy to go with that though as I guess it does better match how we're using it right now?
There was a problem hiding this comment.
I think I maybe misunderstood your suggestion, I'll refactor to put it inline with the uniformInstances pattern 👍
Added here: 55fff27
- Rename from stagingOnly to govPayStagingOnly to be more specific - Rather than a general guard clause specifically only add govPay secret if either sandbox or staging
What:
GOV_UK_PAY_TOKEN_GLOUCESTERto pulumi staging stack.env.exampleandserver.tsaccordingly.pizza-secrets, addGOV_UK_PAY_TOKEN_GLOUCESTERto .env and pushpizza-secretsto allow sandbox gov uk pay to work on pizzasteamsto allow gov pay uk to work on staginggenerateTeamSecretsto only generate Medway and Gloucester secrets on staging to avoid errors on prodWhy:
teams.tsto allow the key to work on staging: https://editor.planx.dev/medway/gov-pay-staging-test/preview?analytics=falsegenerateTeamSecretsto handle the difference in staging/prod credsTesting:
Follow up PR