Merge branch 'main' into DBA-761

.github/workflows/code-scanning.yml

@@ -81,7 +81,7 @@ jobs:
           fetch-depth: 0
       - name: Run Checkov action
         id: checkov
-        uses: bridgecrewio/checkov-action@6aa9bec7b321bfe25839494e1efc7f2faad84416 # v12.2872.0
+        uses: bridgecrewio/checkov-action@d0e41abbcc8c1103c6ae7e451681d071f05e1c20 # v12.2873.0
         with:
           directory: ./
           framework: terraform

terraform/environments/analytical-platform-compute/helm-charts-actions-runners.tf

@@ -12,7 +12,7 @@ resource "helm_release" "actions_runner_mojas_airflow" {
   /* https://github.com/ministryofjustice/analytical-platform-actions-runner */
   name       = "actions-runner-mojas-airflow"
   repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts"
-  version    = "2.319.1-1"
+  version    = "2.319.1-2"
   chart      = "actions-runner"
   namespace  = kubernetes_namespace.actions_runners[0].metadata[0].name
   values = [
@@ -43,7 +43,7 @@ resource "helm_release" "actions_runner_mojas_airflow_create_a_pipeline" {
   /* https://github.com/ministryofjustice/analytical-platform-actions-runner */
   name       = "actions-runner-mojas-airflow-create-a-pipeline"
   repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts"
-  version    = "2.319.1-1"
+  version    = "2.319.1-2"
   chart      = "actions-runner"
   namespace  = kubernetes_namespace.actions_runners[0].metadata[0].name
   values = [
@@ -73,7 +73,7 @@ resource "helm_release" "actions_runner_mojas_create_a_derived_table" {
   /* https://github.com/ministryofjustice/analytical-platform-actions-runner */
   name       = "actions-runner-mojas-create-a-derived-table"
   repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts"
-  version    = "2.319.1-1"
+  version    = "2.319.1-2"
   chart      = "actions-runner"
   namespace  = kubernetes_namespace.actions_runners[0].metadata[0].name
   values = [
@@ -96,7 +96,7 @@ resource "helm_release" "actions_runner_mojas_create_a_derived_table_dpr" {
   /* https://github.com/ministryofjustice/analytical-platform-actions-runner */
   name       = "actions-runner-mojas-create-a-derived-table-dpr"
   repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts"
-  version    = "2.319.1-1"
+  version    = "2.319.1-2"
   chart      = "actions-runner"
   namespace  = kubernetes_namespace.actions_runners[0].metadata[0].name
   values = [

terraform/environments/analytical-platform-compute/helm-charts-applications.tf

@@ -2,7 +2,7 @@ resource "helm_release" "ui" {
   /* https://github.com/ministryofjustice/analytical-platform-ui */
   name       = "ui"
   repository = "oci://ghcr.io/ministryofjustice/analytical-platform-charts"
-  version    = "0.2.3"
+  version    = "0.2.4"
   chart      = "analytical-platform-ui"
   namespace  = kubernetes_namespace.ui.metadata[0].name
   values = [

terraform/environments/analytical-platform-ingestion/environment-configuration.tf

@@ -13,9 +13,9 @@ locals {
       observability_platform = "development"
 
       /* Image Versions */
-      scan_image_version     = "0.0.8"
-      transfer_image_version = "0.0.13"
-      notify_image_version   = "0.0.14"
+      scan_image_version     = "0.0.9"
+      transfer_image_version = "0.0.14"
+      notify_image_version   = "0.0.15"
 
       /* Target Buckets */
       target_buckets = ["mojap-land-dev"]
@@ -44,9 +44,9 @@ locals {
       observability_platform = "production"
 
       /* Image Versions */
-      scan_image_version     = "0.0.8"
-      transfer_image_version = "0.0.13"
-      notify_image_version   = "0.0.14"
+      scan_image_version     = "0.0.9"
+      transfer_image_version = "0.0.14"
+      notify_image_version   = "0.0.15"
 
       /* Target Buckets */
       target_buckets = ["mojap-land"]

terraform/environments/apex/application_variables.json

@@ -52,17 +52,17 @@
       "oas_lz_cidr": "10.202.4.85/32"
     },
     "test": {
-      "ec2amiid": "ami-0f9852b626b9b57e7",
+      "ec2amiid": "ami-00b96c3ab7b1106b4",
       "ec2instancetype": "t3.large",
       "workspace_cidr": "10.200.0.0/20",
       "u01_orahome_size": "20",
-      "u01_orahome_snapshot": "snap-06c4e808d8156e7b3",
+      "u01_orahome_snapshot": "snap-08a78be130fecd338",
       "u02_oradata_size": "100",
-      "u02_oradata_snapshot": "snap-009a17503aeafa1ea",
+      "u02_oradata_snapshot": "snap-0c8dd7ca02b76f3b9",
       "u03_redo_size": "50",
-      "u03_redo_snapshot": "snap-0e1b92e0b7612f075",
+      "u03_redo_snapshot": "snap-0e70d2835a67670e3",
       "u04_arch_size": "50",
-      "u04_arch_snapshot": "snap-03826f506d4cf5697",
+      "u04_arch_snapshot": "snap-0a69ef59871cb0c79",
       "container_instance_type": "linux",
       "instance_type": "t3a.medium",
       "key_name": "",

terraform/environments/apex/ecs.tf

@@ -33,6 +33,6 @@ module "apex-ecs" {
   ec2_instance_warmup_period = local.application_data.accounts[local.environment].ec2_instance_warmup_period
   log_group_kms_key          = aws_kms_key.cloudwatch_logs_key.arn
   environment                = local.environment
-  database_tad_password_arn  = "arn:aws:ssm:${local.application_data.accounts[local.environment].region}:${local.env_account_id}:parameter/${local.app_db_password_name}"
+  database_admin_password_arn  = "arn:aws:ssm:${local.application_data.accounts[local.environment].region}:${local.env_account_id}:parameter/${local.app_db_password_name}"
 
 }

terraform/environments/apex/locals.tf

@@ -70,11 +70,12 @@ locals {
     region            = local.application_data.accounts[local.environment].region
     app_db_url        = "${aws_route53_record.apex-db.fqdn}:1521:APEX"
     app_debug_enabled = local.application_data.accounts[local.environment].app_debug_enabled
+    # Note that the following secret is created manually on Parameter Store
     db_secret_arn     = "arn:aws:ssm:${local.application_data.accounts[local.environment].region}:${local.env_account_id}:parameter/${local.app_db_password_name}"
   })
 
   env_account_id       = local.environment_management.account_ids[terraform.workspace]
-  app_db_password_name = "APP_APEX_DBPASSWORD_TAD"
+  app_db_password_name = "APP_APEX_DBPASSWORD_ADMIN"
   db_hostname          = "db.${local.application_name}"
 
   database-instance-userdata = <<EOF

terraform/environments/apex/modules/ecs/main.tf

@@ -346,7 +346,7 @@ resource "aws_iam_policy" "ecs_task_execution_policy" { #tfsec:ignore:aws-iam-no
       "Action": [
         "ssm:GetParameters"
       ],
-      "Resource": ["${var.database_tad_password_arn}"]
+      "Resource": ["${var.database_admin_password_arn}"]
     }
   ]
 }

terraform/environments/apex/modules/ecs/variables.tf

@@ -157,7 +157,7 @@ variable "log_group_kms_key" {
   description = "The key ARN for CloudWatch Log Group encryption"
 }
 
-variable "database_tad_password_arn" {
+variable "database_admin_password_arn" {
   type        = string
-  description = "The ARN of the APEX TAD database password"
+  description = "The ARN of the APEX ADMIN database password"
 }

terraform/environments/delius-core/locals_development.tf

@@ -6,6 +6,7 @@ locals {
 
   environment_config_dev = {
     migration_environment_private_cidr     = ["10.162.32.0/22", "10.162.36.0/22", "10.162.40.0/22"]
+    migration_environment_vpc_cidr         = "10.162.32.0/20"
     migration_environment_db_cidr          = ["10.162.44.0/24", "10.162.45.0/24", "10.162.46.0/25"]
     migration_environment_full_name        = "dmd-mis-dev"
     migration_environment_abbreviated_name = "dmd"
@@ -26,6 +27,7 @@ locals {
     efs_backup_schedule         = "cron(0 19 * * ? *)",
     efs_backup_retention_period = "30"
     port                        = 389
+    tls_port                    = 636
   }
 
   db_config_dev = {
@@ -94,9 +96,11 @@ locals {
     }
 
     ldap = {
-      image_tag      = "6.0.3-latest"
-      container_port = 389
-      slapd_log_level = "stats"
+      image_tag        = "6.0.3-latest"
+      container_port   = 389
+      slapd_log_level  = "stats"
+      container_cpu    = 512
+      container_memory = 1024
     }
 
     pdf_creation = {

terraform/environments/delius-core/locals_preproduction.tf

@@ -97,6 +97,12 @@ locals {
       container_memory = 1024
     }
 
+    ldap = {
+      image_tag      = "replace_me"
+      container_port = 389
+      slapd_log_level = "replace_me"
+    }
+
     pdf_creation = {
       image_tag      = "5.7.6"
       container_port = 80

terraform/environments/delius-core/locals_stage.tf

@@ -96,6 +96,12 @@ locals {
       container_memory = 1024
     }
 
+    ldap = {
+      image_tag      = "replace_me"
+      container_port = 389
+      slapd_log_level = "replace_me"
+    }
+
     pdf_creation = {
       image_tag      = "5.7.6"
       container_port = 80

terraform/environments/delius-core/locals_test.tf

@@ -6,6 +6,7 @@ locals {
 
   environment_config_test = {
     migration_environment_private_cidr     = ["10.162.8.0/22", "10.162.4.0/22", "10.162.0.0/22"]
+    migration_environment_vpc_cidr         = "10.162.0.0/20"
     migration_environment_db_cidr          = ["10.162.14.0/25", "10.162.13.0/24", "10.162.12.0/24"]
     migration_environment_full_name        = "del-test"
     migration_environment_abbreviated_name = "del"
@@ -26,6 +27,7 @@ locals {
     efs_backup_schedule         = "cron(0 19 * * ? *)",
     efs_backup_retention_period = "30"
     port                        = 389
+    tls_port                    = 636
   }
 
 
@@ -93,9 +95,11 @@ locals {
     }
 
     ldap = {
-      image_tag      = "replace_me"
-      container_port = 389
-      slapd_log_level = "replace_me"
+      image_tag        = "6.0.3-latest"
+      container_port   = 389
+      slapd_log_level  = "conns,config,stats,stats2"
+      container_cpu    = 2048
+      container_memory = 4096
     }
 
     pdf_creation = {