main.tf
# Default azurerm provider configuration. The empty features block is
# mandatory for this provider even when no feature flags are overridden.
provider "azurerm" {
  features {}
}
# Aliased azurerm provider, passed to the PostgreSQL module below as
# azurerm.postgres_network. It targets the subscription given by
# var.aks_subscription_id and skips resource-provider registration there.
provider "azurerm" {
  alias                      = "postgres_network"
  subscription_id            = var.aks_subscription_id
  skip_provider_registration = true

  features {}
}
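locals {
  app = "recipe-backend"

  # False only when var.env is "preview" or "spreview".
  # NOTE(review): presumably gates creation of the API resources; its use is not
  # visible in this file section.
  create_api = var.env != "preview" && var.env != "spreview"

  # Thumbprints of the client SSL certificates that the API (gateway) should accept.
  # NOTE(review): the literal entry has no owner or expiry recorded next to it;
  # note which client certificate it identifies so it can be removed when that
  # certificate is rotated or retired. The API-test thumbprint is included for
  # every value of var.env; confirm that is intended outside test environments.
  # A thumbprint match on its own does not validate the certificate, so confirm
  # that template/api-policy.xml also checks chain and validity period.
  allowed_certificate_thumbprints = [
    # API tests
    var.api_gateway_test_certificate_thumbprint,
    "8B0666A1041156C83BCE832906F9BC7C2542B65A"
  ]

  # Wrap each thumbprint in XML-escaped quotes and join with commas so the list
  # can be substituted into the XML policy template.
  # NOTE(review): the rendered listing showed ""%s"" here, which is not valid HCL
  # and looks like a decoded &quot; entity; confirm the quoting against the repository.
  thumbprints_in_quotes     = formatlist("&quot;%s&quot;", local.allowed_certificate_thumbprints)
  thumbprints_in_quotes_str = join(",", local.thumbprints_in_quotes)

  # Policy XML with the ALLOWED_CERTIFICATE_THUMBPRINTS placeholder replaced by
  # the comma-separated list built above.
  api_policy = replace(file("template/api-policy.xml"), "ALLOWED_CERTIFICATE_THUMBPRINTS", local.thumbprints_in_quotes_str)

  api_base_path = "${var.product}-recipes-api"

  # Resource group and Key Vault names are derived from product and environment.
  shared_infra_rg = "${var.product}-shared-infrastructure-${var.env}"
  vault_name      = "${var.product}si-${var.env}"
}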
# Looks up an existing subnet in the per-environment core-infra virtual network.
# All three names are derived from var.env.
data "azurerm_subnet" "postgres" {
  resource_group_name  = "core-infra-${var.env}"
  virtual_network_name = "core-infra-vnet-${var.env}"
  name                 = "core-infra-subnet-0-${var.env}"
}
# Looks up the existing Key Vault (local.vault_name) in the shared infrastructure
# resource group; the secrets below are written into it.
data "azurerm_key_vault" "key_vault" {
  resource_group_name = local.shared_infra_rg
  name                = local.vault_name
}
# PostgreSQL connection details published to the shared Key Vault.
# NOTE(review): resource labels mix "-" and "_" and the secret names mix "v14" and
# "V14". Renaming a resource label changes its state address, so treat any tidy-up
# as a state move rather than a plain edit.

# Database user name, taken from the PostgreSQL module output.
resource "azurerm_key_vault_secret" "POSTGRES-USER-V14" {
  key_vault_id = data.azurerm_key_vault.key_vault.id
  name         = "recipe-backend-POSTGRES-USER-v14"
  value        = module.postgresql_flexible.username
}

# Database password, taken from the PostgreSQL module output.
# NOTE(review): Terraform records secret values in its state file, so the state
# backend needs access controls at least as strict as the Key Vault itself.
resource "azurerm_key_vault_secret" "POSTGRES-PASS-V14" {
  key_vault_id = data.azurerm_key_vault.key_vault.id
  name         = "recipe-backend-POSTGRES-PASS-v14"
  value        = module.postgresql_flexible.password
}

# Server FQDN, taken from the PostgreSQL module output.
resource "azurerm_key_vault_secret" "POSTGRES_HOST-V14" {
  key_vault_id = data.azurerm_key_vault.key_vault.id
  name         = "recipe-backend-POSTGRES-HOST-V14"
  value        = module.postgresql_flexible.fqdn
}

# Fixed port value.
resource "azurerm_key_vault_secret" "POSTGRES_PORT-V14" {
  key_vault_id = data.azurerm_key_vault.key_vault.id
  name         = "recipe-backend-POSTGRES-PORT-V14"
  value        = "5432"
}

# Fixed database name; "rhubarb" is one of the databases requested from the module.
resource "azurerm_key_vault_secret" "POSTGRES_DATABASE-V14" {
  key_vault_id = data.azurerm_key_vault.key_vault.id
  name         = "recipe-backend-POSTGRES-DATABASE-V14"
  value        = "rhubarb"
}
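# PostgreSQL flexible server with the "plum" and "rhubarb" databases.
# Its username, password and fqdn outputs feed the Key Vault secrets in this file.
module "postgresql_flexible" {
  providers = {
    azurerm.postgres_network = azurerm.postgres_network
  }

  # The rendered listing showed an e-mail-obfuscation placeholder in place of the
  # SSH user and host; restored here to the GitHub SSH form. Confirm against the
  # repository.
  # NOTE(review): ref=master is a mutable branch, so the module code applied can
  # change without any change to this file. Pin to a release tag or a full commit
  # SHA and bump it deliberately.
  source = "git@github.com:hmcts/terraform-module-postgresql-flexible?ref=master"

  env           = var.env
  product       = var.product
  component     = var.component
  business_area = "CFT"
  location      = var.location
  common_tags   = var.common_tags

  # NOTE(review): the name (and the Key Vault secret names) say "v14" while
  # pgsql_version below is "16"; the label no longer reflects the server version.
  name          = "${var.product}-v14-flexible"
  subnet_suffix = "expanded"

  # The Jenkins AAD object id is passed as the module's admin user object id.
  admin_user_object_id = var.jenkins_AAD_objectId

  pgsql_databases = [
    {
      name = "plum"
    },
    {
      name = "rhubarb"
    }
  ]

  pgsql_version = "16"
  pgsql_sku     = var.pgsql_sku
}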
# endregion
# REDIS CACHE TESTING
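# Inputs for the Redis module below. Explicit string types are declared where
# the original left the type implicit; all defaults are unchanged.
# With the defaults (Basic SKU, backups disabled) the backup settings have no
# effect: per the descriptions below, RDB backup is only supported on Premium.

variable "rdb_backup_enabled" {
  type        = bool
  default     = false
  description = "Passed to the Redis module's rdb_backup_enabled input. Disabled by default."
}

variable "sku_name" {
  type        = string
  default     = "Basic"
  description = "The SKU of Redis to use. Possible values are `Basic`, `Standard` and `Premium`."
}

variable "family" {
  type        = string
  default     = "C"
  description = "The SKU family/pricing group to use. Valid values are `C` (for Basic/Standard SKU family) and `P` (for Premium). Use P for higher availability, but beware it costs a lot more."
}

variable "redis_capacity" {
  type        = string
  default     = "1"
  description = "The size of the Redis cache to deploy. Valid values are 1, 2, 3, 4, 5"
}

variable "redis_backup_frequency" {
  type        = string
  default     = "360"
  description = "The Backup Frequency in Minutes. Only supported on Premium SKUs. Possible values are: 15, 30, 60, 360, 720 and 1440"
}

variable "rdb_backup_max_snapshot_count" {
  type        = string
  default     = "1"
  description = "Passed to the Redis module's rdb_backup_max_snapshot_count input."
}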
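# Redis cache for session storage, reachable only over a private endpoint:
# private_endpoint_enabled is true and public network access is disabled.
module "plum-redis-storage" {
  # The rendered listing showed an e-mail-obfuscation placeholder in place of the
  # SSH user and host; restored here to the GitHub SSH form. Confirm against the
  # repository.
  # NOTE(review): the ref is a feature branch. It is mutable, so the module code
  # applied can change without any change to this file, and the ref stops
  # resolving if the branch is deleted after merge. Pin to a release tag or a
  # full commit SHA.
  source = "git@github.com:hmcts/cnp-module-redis?ref=DTSPO-17012-data-persistency"

  product       = "${var.product}-${var.component}-session-storage"
  env           = var.env
  location      = var.location
  business_area = "cft"
  common_tags   = var.common_tags

  # Network exposure: keep these two settings together so the cache is never
  # reachable from the public internet.
  private_endpoint_enabled      = true
  public_network_access_enabled = false

  redis_version = "6"
  sku_name      = var.sku_name
  family        = var.family
  capacity      = var.redis_capacity

  # RDB persistence settings, all driven by the variables declared above.
  # NOTE(review): when backups are enabled the snapshots hold the cache contents
  # (session data); confirm the storage account the module creates is restricted
  # to the same degree as the cache.
  rdb_backup_enabled              = var.rdb_backup_enabled
  rdb_backup_frequency            = var.redis_backup_frequency
  rdb_backup_max_snapshot_count   = var.rdb_backup_max_snapshot_count
  rdb_storage_account_name_prefix = var.product
}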