[Issue #2351] Nava platform upgrade v0.3 => v0.4 (#2568)

## Summary Fixes #2576 Relates to navapbc/template-infra@v0.3.0...v0.4.0 ### Time to review: __x mins__ ## Changes proposed - Adds `.template-infra` folder, which is how Nava's platform CLI keeps track of our apps - Updates to latest template version, eg. - adds and removes some variables here and there - that's it - this is a very small update ## Additional information tested by running ``` terraform init -backend-config=dev.s3.tfbackend -reconfigure terraform plan -var "environment_name=dev" ```
HHS · Oct 28, 2024 · 4ffa4d3 · 4ffa4d3
1 parent 2c9d075
commit 4ffa4d3
Show file tree

Hide file tree

Showing 10 changed files with 32 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -149,3 +149,6 @@ dmypy.json
 
 # Terraform plan outputs
 *.tfplan
+
+# Python testing stuff
+*__pycache__*
diff --git a/.template-infra/app-analytics.yml b/.template-infra/app-analytics.yml
@@ -0,0 +1,3 @@
+_commit: 929a959
+_src_path: https://github.com/navapbc/template-infra
+app_name: analytics
diff --git a/.template-infra/app-api.yml b/.template-infra/app-api.yml
@@ -0,0 +1,3 @@
+_commit: 929a959
+_src_path: https://github.com/navapbc/template-infra
+app_name: api
diff --git a/.template-infra/app-frontend.yml b/.template-infra/app-frontend.yml
@@ -0,0 +1,3 @@
+_commit: 929a959
+_src_path: https://github.com/navapbc/template-infra
+app_name: frontend
diff --git a/.template-infra/base.yml b/.template-infra/base.yml
@@ -0,0 +1,3 @@
+_commit: 929a959
+_src_path: https://github.com/navapbc/template-infra
+app_name: template-only
diff --git a/.template-version b/.template-version
@@ -1 +1 @@
-fe5c7cd24d3c2c9f15c342826cda0a20af4cd0a5
+929a959ded1103bed5c25edf3c991ddf9698f0b9
diff --git a/infra/modules/database/main.tf b/infra/modules/database/main.tf
@@ -9,9 +9,10 @@ resource "random_id" "db_superuser" {
 }
 
 locals {
-  master_username      = random_id.db_superuser.hex
-  role_manager_name    = "${var.name}-role-manager"
-  role_manager_package = "${path.root}/role_manager.zip"
+  master_username       = random_id.db_superuser.hex
+  primary_instance_name = "${var.name}-primary"
+  role_manager_name     = "${var.name}-role-manager"
+  role_manager_package  = "${path.root}/role_manager.zip"
 
   # The ARN that represents the users accessing the database are of the format: "arn:aws:rds-db:<region>:<account-id>:dbuser:<resource-id>/<database-user-name>""
   # See https://aws.amazon.com/blogs/database/using-iam-authentication-to-connect-with-pgadmin-amazon-aurora-postgresql-or-amazon-rds-for-postgresql/

diff --git a/infra/modules/database/role_manager/requirements.txt b/infra/modules/database/role_manager/requirements.txt
@@ -1 +1 @@
-pg8000
+pg8000
diff --git a/infra/modules/database/role_manager/role_manager.py b/infra/modules/database/role_manager/role_manager.py
@@ -16,9 +16,6 @@
 def lambda_handler(event, context):
     if event == "check":
         return check()
-    elif event == "password_ts":
-        connect_as_master_user()
-        return "Succeeded"
     else:
         return manage()
 

diff --git a/infra/networks/main.tf b/infra/networks/main.tf
@@ -5,6 +5,17 @@ locals {
     description = "VPC resources"
   })
   region = module.project_config.default_region
+
+  # List of AWS services used by this VPC
+  # This list is used to create VPC endpoints so that the AWS services can
+  # be accessed without network traffic ever leaving the VPC's private network
+  # For a list of AWS services that integrate with AWS PrivateLink
+  # see https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html
+  #
+  # The database module requires VPC access from private networks to SSM, KMS, and RDS
+  aws_service_integrations = toset(
+    module.app_config.has_database ? ["ssm", "kms", "secretsmanager"] : []
+  )
 }
 
 terraform {
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		fe5c7cd24d3c2c9f15c342826cda0a20af4cd0a5
		929a959ded1103bed5c25edf3c991ddf9698f0b9