Merge pull request #4289 from ministryofjustice/oasys-add-azure-secrets
oasys add azure secrets
wullub authored Dec 11, 2023
2 parents d396b45 + 195c983 commit 77117cb
Showing 3 changed files with 15 additions and 4 deletions.
17 changes: 13 additions & 4 deletions terraform/environments/oasys/locals_preproduction.tf
Expand Up @@ -19,6 +19,9 @@ locals {
"/oracle/database/PPONRAUD" = local.secretsmanager_secrets_db
"/oracle/database/PPONRBDS" = local.secretsmanager_secrets_db
"/oracle/bip/preprod" = local.secretsmanager_secrets_bip

# for azure, remove when migrated to aws db
"/oracle/database/OASPROD" = local.secretsmanager_secrets_oasys_db
}

baseline_iam_policies = {
Expand Down Expand Up @@ -104,9 +107,14 @@ locals {
# ssm_parameters_prefix = "ec2-web-pp/"
# iam_resource_names_prefix = "ec2-web-pp"
# })
# user_data_cloud_init = merge(module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_ansible_no_tags, {
# args = merge(module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_ansible_no_tags.args, {
# branch = "oasys-ords-secrets"
# })
# })
# tags = merge(local.webserver_a.tags, {
# oracle-db-hostname = "db.t2.oasys.hmpps-test.modernisation-platform.internal"###################################
# oracle-db-sid = "T2OASYS" # for each env using azure DB will need to be OASPROD##############################################
# oracle-db-hostname = "PPODL00009.azure.noms.root" # "db.pp.oasys.hmpps-preproduction.modernisation-platform.internal"
# oracle-db-sid = "OASPROD" # "PPOASYS"
# })
# })
}
Expand Down Expand Up @@ -140,6 +148,7 @@ locals {
public = {
internal_lb = false
access_logs = false
s3_versioning = false
force_destroy_bucket = true
enable_delete_protection = false
existing_target_groups = {
Expand Down Expand Up @@ -208,8 +217,8 @@ locals {
}
private = {
internal_lb = true
access_logs = false
# s3_versioning = false
access_logs = true
s3_versioning = false
force_destroy_bucket = true
enable_delete_protection = false
existing_target_groups = {}
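Review bot: In the `private` block of the last hunk, `access_logs = true` is switched on together with `s3_versioning = false` and the existing `force_destroy_bucket = true`, so the bucket that presumably receives the load balancer's access logs keeps no version history and can be destroyed by Terraform with its contents. If these logs are meant to support investigation, either drop the override so the module default applies (`s3_versioning = optional(bool, true)` in variables.tf) or record the reason beside it, e.g. `s3_versioning = false # preprod only: log bucket is disposable, do not copy to production`. The `public` block (`internal_lb = false`) still has `access_logs = false`, which leaves the non-internal load balancer without request logs; that setting predates this commit but is worth a follow-up. Both blocks continue outside the hunks shown.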
1 change: 1 addition & 0 deletions terraform/modules/baseline/lb.tf
Expand Up @@ -127,6 +127,7 @@ module "lb" {
access_logs = each.value.access_logs
enable_cross_zone_load_balancing = each.value.enable_cross_zone_load_balancing
dns_record_client_routing_policy = each.value.dns_record_client_routing_policy
s3_versioning = each.value.s3_versioning

existing_bucket_name = try(module.s3_bucket[each.value.existing_bucket_name].bucket.id, each.value.existing_bucket_name)

1 change: 1 addition & 0 deletions terraform/modules/baseline/variables.tf
Expand Up @@ -577,6 +577,7 @@ variable "lbs" {
existing_bucket_name = optional(string, "") # NOTE: module default value is empty string ""
enable_cross_zone_load_balancing = optional(bool, false) # network and gateway lb types only, application lb's this is always true
dns_record_client_routing_policy = optional(string, "any_availability_zone") # network load-balancer types only
s3_versioning = optional(bool, true)
instance_target_groups = optional(map(object({
port = optional(number)
protocol = optional(string)
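Review bot: The new `s3_versioning` attribute has no trailing comment, unlike the three attributes directly above it, although it is a protective default that callers can now switch off. A short comment at the definition would make that visible, for example `s3_versioning = optional(bool, true) # versioning on the lb's S3 bucket; keep true unless the bucket is disposable`. The `lbs` variable's object type starts and ends outside the hunk, so any validation or description on it is not visible here.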
