hmcts · renovate · Jul 30, 2024 · Jul 30, 2024
diff --git a/infrastructure/demo.tfvars b/infrastructure/demo.tfvars
@@ -1,3 +1,3 @@
 additional_databases = [
-    "postgresql-db2"
+  "postgresql-db2"
 ]
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -1,31 +1,31 @@
 provider "azurerm" {
   features {
     resource_group {
-       prevent_deletion_if_contains_resources = false
+      prevent_deletion_if_contains_resources = false
     }
   }
 }
 
 locals {
   # Api Management config
-  api_mgmt_name     = join("-", ["core-api-mgmt", var.env])
-  api_mgmt_rg       = join("-", ["core-infra", var.env])
+  api_mgmt_name = join("-", ["core-api-mgmt", var.env])
+  api_mgmt_rg   = join("-", ["core-infra", var.env])
 
   app_full_name = "${var.product}-${var.component}"
 
-  vaultName = join("-", [var.core_product, var.env])
-  s2sUrl = "http://rpe-service-auth-provider-${var.env}.service.core-compute-${var.env}.internal"
-  s2s_rg_prefix               = "rpe-service-auth-provider"
-  s2s_key_vault_name          = var.env == "preview" || var.env == "spreview" ? join("-", ["s2s", "aat"]) : join("-", ["s2s", var.env])
-  s2s_vault_resource_group    = var.env == "preview" || var.env == "spreview" ? join("-", [local.s2s_rg_prefix, "aat"]) : join("-", [local.s2s_rg_prefix, var.env])
+  vaultName                 = join("-", [var.core_product, var.env])
+  s2sUrl                    = "http://rpe-service-auth-provider-${var.env}.service.core-compute-${var.env}.internal"
+  s2s_rg_prefix             = "rpe-service-auth-provider"
+  s2s_key_vault_name        = var.env == "preview" || var.env == "spreview" ? join("-", ["s2s", "aat"]) : join("-", ["s2s", var.env])
+  s2s_vault_resource_group  = var.env == "preview" || var.env == "spreview" ? join("-", [local.s2s_rg_prefix, "aat"]) : join("-", [local.s2s_rg_prefix, var.env])
   notifications_service_url = join("", ["http://notifications-service-", var.env, ".service.core-compute-", var.env, ".internal"])
   # list of the thumbprints of the SSL certificates that should be accepted by the refund status API (gateway)
-  notifications_status_thumbprints_in_quotes = formatlist("&quot;%s&quot;", var.notifications_service_gateway_certificate_thumbprints)
+  notifications_status_thumbprints_in_quotes     = formatlist("&quot;%s&quot;", var.notifications_service_gateway_certificate_thumbprints)
   notifications_status_thumbprints_in_quotes_str = join(",", local.notifications_status_thumbprints_in_quotes)
 }
 
 data "azurerm_key_vault" "notifications_key_vault" {
-  name = "${local.vaultName}"
+  name                = local.vaultName
   resource_group_name = join("-", [var.core_product, var.env])
 }
 
@@ -34,66 +34,66 @@ module "notifications-service-database-v15" {
   providers = {
     azurerm.postgres_network = azurerm.postgres_network
   }
-  source = "[email protected]:hmcts/terraform-module-postgresql-flexible?ref=master"
-  product = var.product
-  component = var.component
-  business_area = "cft"
-  name = join("-", [var.product,var.component, "postgres-db-v15"])
-  location = var.location
-  env = var.env
+  source               = "[email protected]:hmcts/terraform-module-postgresql-flexible?ref=master"
+  product              = var.product
+  component            = var.component
+  business_area        = "cft"
+  name                 = join("-", [var.product, var.component, "postgres-db-v15"])
+  location             = var.location
+  env                  = var.env
   pgsql_admin_username = var.postgresql_user
 
   # Setup Access Reader db user
   force_user_permissions_trigger = "1"
 
   pgsql_databases = [
-      {
-        name : var.database_name
-      }
-    ]
-    pgsql_server_configuration = [
-        {
-          name  = "azure.extensions"
-          value = "plpgsql,pg_stat_statements,pg_buffercache"
-        }
-      ]
-  pgsql_sku = var.flexible_sku_name
+    {
+      name : var.database_name
+    }
+  ]
+  pgsql_server_configuration = [
+    {
+      name  = "azure.extensions"
+      value = "plpgsql,pg_stat_statements,pg_buffercache"
+    }
+  ]
+  pgsql_sku            = var.flexible_sku_name
   admin_user_object_id = var.jenkins_AAD_objectId
-  common_tags = var.common_tags
-  pgsql_version = var.postgresql_flexible_sql_version
+  common_tags          = var.common_tags
+  pgsql_version        = var.postgresql_flexible_sql_version
 }
 
 
 
 # Populate Vault with DB info
 
 resource "azurerm_key_vault_secret" "POSTGRES-USER" {
-  name      = join("-", [var.component, "POSTGRES-USER"])
-  value     = module.notifications-service-database-v15.username
+  name         = join("-", [var.component, "POSTGRES-USER"])
+  value        = module.notifications-service-database-v15.username
   key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES-PASS" {
-  name      = join("-", [var.component, "POSTGRES-PASS"])
-  value     = module.notifications-service-database-v15.password
+  name         = join("-", [var.component, "POSTGRES-PASS"])
+  value        = module.notifications-service-database-v15.password
   key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_HOST" {
-  name      = join("-", [var.component, "POSTGRES-HOST"])
-  value     = module.notifications-service-database-v15.fqdn
+  name         = join("-", [var.component, "POSTGRES-HOST"])
+  value        = module.notifications-service-database-v15.fqdn
   key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_PORT" {
-  name      = join("-", [var.component, "POSTGRES-PORT"])
-  value     = var.postgresql_flexible_server_port
+  name         = join("-", [var.component, "POSTGRES-PORT"])
+  value        = var.postgresql_flexible_server_port
   key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "POSTGRES_DATABASE" {
-  name      = join("-", [var.component, "POSTGRES-DATABASE"])
-  value     = var.database_name
+  name         = join("-", [var.component, "POSTGRES-DATABASE"])
+  value        = var.database_name
   key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
@@ -104,14 +104,14 @@ data "azurerm_key_vault" "s2s_key_vault" {
 }
 
 data "azurerm_key_vault_secret" "s2s_secret" {
-  name          = "microservicekey-notifications-service"
-  key_vault_id  = data.azurerm_key_vault.s2s_key_vault.id
+  name         = "microservicekey-notifications-service"
+  key_vault_id = data.azurerm_key_vault.s2s_key_vault.id
 }
 
 resource "azurerm_key_vault_secret" "notifications_s2s_secret" {
-  name          = "notifications-s2s-secret"
-  value         = data.azurerm_key_vault_secret.s2s_secret.value
-  key_vault_id  = data.azurerm_key_vault.notifications_key_vault.id
+  name         = "notifications-s2s-secret"
+  value        = data.azurerm_key_vault_secret.s2s_secret.value
+  key_vault_id = data.azurerm_key_vault.notifications_key_vault.id
 }
 
 #data "azurerm_key_vault" "notifications_key_vault" {

diff --git a/infrastructure/state.tf b/infrastructure/state.tf
@@ -1,14 +1,14 @@
 terraform {
   backend "azurerm" {}
-   required_providers {
-      azurerm = {
-        source  = "hashicorp/azurerm"
-        version = "~> 3.40"
-      }
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.40"
+    }
 
-     azuread = {
-       source  = "hashicorp/azuread"
-       version = "2.47.0"
-     }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "2.53.1"
     }
+  }
 }
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
@@ -28,7 +28,7 @@ variable "subscription" {
 
 
 variable "common_tags" {
-  type =  map(string)
+  type = map(string)
 }
 
 variable "core_product" {
@@ -50,11 +50,11 @@ variable "database_name" {
 variable "tenant_id" {}
 
 variable "jenkins_AAD_objectId" {
-  type                        = string
-  description                 = "(Required) The Azure AD object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies."
+  type        = string
+  description = "(Required) The Azure AD object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies."
 }
 
-variable flexible_sku_name {
+variable "flexible_sku_name" {
   default = "GP_Standard_D2s_v3"
 }