Merge pull request #8917 from ministryofjustice/date_2024_12_02

GitHub Actions Code Formatter workflow

terraform/environments/delius-core/files/user_outbound_table_mapping.json

@@ -28,11 +28,11 @@
       "rule-name": "remove_staff_id",
       "rule-target": "column",
       "object-locator": {
-          "schema-name": "DELIUS_APP_SCHEMA",
-          "table-name": "USER_",
-          "column-name": "STAFF_ID"
+        "schema-name": "DELIUS_APP_SCHEMA",
+        "table-name": "USER_",
+        "column-name": "STAFF_ID"
       },
       "rule-action": "remove-column"
-  }
+    }
   ]
 }

terraform/environments/delius-core/modules/components/dms/cloudwatch-alarms.tf

@@ -3,24 +3,24 @@ resource "aws_sns_topic" "dms_alerts_topic" {
   name              = "delius-dms-alerts-topic"
   kms_master_key_id = var.account_config.kms_keys.general_shared
 
-  http_success_feedback_role_arn = aws_iam_role.sns_logging_role.arn
+  http_success_feedback_role_arn    = aws_iam_role.sns_logging_role.arn
   http_success_feedback_sample_rate = 100
-  http_failure_feedback_role_arn = aws_iam_role.sns_logging_role.arn
+  http_failure_feedback_role_arn    = aws_iam_role.sns_logging_role.arn
 }
 
 resource "aws_iam_role" "sns_logging_role" {
   name = "sns-logging-role"
 
   assume_role_policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
+    "Version" : "2012-10-17",
+    "Statement" : [
       {
-        "Action": "sts:AssumeRole",
-        "Principal": {
-          "Service": "sns.amazonaws.com"
+        "Action" : "sts:AssumeRole",
+        "Principal" : {
+          "Service" : "sns.amazonaws.com"
         },
-        "Effect": "Allow",
-        "Sid": ""
+        "Effect" : "Allow",
+        "Sid" : ""
       }
     ]
   })
@@ -179,8 +179,8 @@ resource "aws_iam_role" "lambda_put_metric_data_role" {
     Version = "2012-10-17",
     Statement = [
       {
-        Action    = "sts:AssumeRole",
-        Effect    = "Allow",
+        Action = "sts:AssumeRole",
+        Effect = "Allow",
         Principal = {
           Service = "lambda.amazonaws.com"
         }
@@ -191,13 +191,13 @@ resource "aws_iam_role" "lambda_put_metric_data_role" {
 
 resource "aws_iam_policy" "lambda_put_metric_data_policy" {
   name = "lambda-put-metric-data-policy"
-  
+
   policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
       {
-        Effect   = "Allow",
-        Action   = [
+        Effect = "Allow",
+        Action = [
           "cloudwatch:PutMetricData"
         ],
         Resource = "*"
@@ -232,11 +232,11 @@ data "archive_file" "lambda_dms_replication_metric_zip" {
 # metric is 0 if the replication task is not stopped (normal state),
 # and 1 if not (whether it has been stopped manually or has failed)
 resource "aws_lambda_function" "dms_replication_metric_publisher" {
-  function_name = "dms-replication-metric-publisher"
-  role          = aws_iam_role.lambda_put_metric_data_role.arn
-  handler       = "dms_replication_metric.lambda_handler"
-  runtime       = "python3.8"
-  filename      = data.archive_file.lambda_dms_replication_metric_zip.output_path
+  function_name    = "dms-replication-metric-publisher"
+  role             = aws_iam_role.lambda_put_metric_data_role.arn
+  handler          = "dms_replication_metric.lambda_handler"
+  runtime          = "python3.8"
+  filename         = data.archive_file.lambda_dms_replication_metric_zip.output_path
   source_code_hash = data.archive_file.lambda_dms_replication_metric_zip.output_base64sha256
   environment {
     variables = {
@@ -255,7 +255,7 @@ resource "aws_lambda_permission" "allow_sns_invoke_dms_replication_metric_publis
   function_name = aws_lambda_function.dms_replication_metric_publisher.function_name
   principal     = "sns.amazonaws.com"
 
-  source_arn    = aws_sns_topic.dms_events_topic.arn
+  source_arn = aws_sns_topic.dms_events_topic.arn
 }
 
 resource "aws_cloudwatch_metric_alarm" "dms_replication_stopped_alarm" {
@@ -273,8 +273,8 @@ resource "aws_cloudwatch_metric_alarm" "dms_replication_stopped_alarm" {
   period              = "60"
 
   dimensions = {
-      SourceId = each.key
-    }
+    SourceId = each.key
+  }
 
   alarm_actions = [aws_sns_topic.dms_alerts_topic.arn]
   ok_actions    = [aws_sns_topic.dms_alerts_topic.arn]
@@ -289,9 +289,9 @@ resource "aws_cloudwatch_metric_alarm" "dms_replication_stopped_alarm" {
 resource "aws_sns_topic" "dms_events_topic" {
   name = "delius-dms-events-topic"
 
-  lambda_success_feedback_role_arn = aws_iam_role.sns_logging_role.arn
+  lambda_success_feedback_role_arn    = aws_iam_role.sns_logging_role.arn
   lambda_success_feedback_sample_rate = 100
-  lambda_failure_feedback_role_arn = aws_iam_role.sns_logging_role.arn
+  lambda_failure_feedback_role_arn    = aws_iam_role.sns_logging_role.arn
 }
 
 resource "aws_sns_topic_subscription" "dms_events_lambda_subscription" {
@@ -302,9 +302,9 @@ resource "aws_sns_topic_subscription" "dms_events_lambda_subscription" {
 
 # We handle State Change and Failure DMS Events
 resource "aws_dms_event_subscription" "dms_task_event_subscription" {
-  name       = "dms-task-event-alerts"
-  sns_topic_arn = aws_sns_topic.dms_events_topic.arn
-  source_type   = "replication-task"
+  name             = "dms-task-event-alerts"
+  sns_topic_arn    = aws_sns_topic.dms_events_topic.arn
+  source_type      = "replication-task"
   event_categories = ["state change", "failure"]
-  enabled = true
+  enabled          = true
 }

terraform/environments/delius-core/modules/components/dms/locals.tf

@@ -42,14 +42,14 @@ locals {
   dms_s3_reader_role_name = "${var.env_name}-dms-s3-reader-role"
 
   replication_task_names = concat(
-    try([aws_dms_replication_task.user_inbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.business_interaction_inbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.audited_interaction_inbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.audited_interaction_checksum_inbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.audited_interaction_outbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.business_interaction_outbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.audited_interaction_outbound_replication[0].replication_task_id],[]),
-    try([aws_dms_replication_task.audited_interaction_checksum_outbound_replication[0].replication_task_id],[])
+    try([aws_dms_replication_task.user_inbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.business_interaction_inbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.audited_interaction_inbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.audited_interaction_checksum_inbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.audited_interaction_outbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.business_interaction_outbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.audited_interaction_outbound_replication[0].replication_task_id], []),
+    try([aws_dms_replication_task.audited_interaction_checksum_outbound_replication[0].replication_task_id], [])
   )
 
 }

terraform/environments/digital-prison-reporting/modules/dms_s3_v2/main.tf

@@ -134,8 +134,8 @@ resource "aws_dms_endpoint" "dms-s3-target-source" {
   ssl_mode      = var.source_ssl_mode
   username      = var.source_app_username
 
-  dynamic postgres_settings {
-    for_each = var.source_engine_name == "postgres" ? [1]: []
+  dynamic "postgres_settings" {
+    for_each = var.source_engine_name == "postgres" ? [1] : []
 
     content {
       map_boolean_as_boolean       = true

terraform/environments/electronic-monitoring-data/lake_formation.tf

@@ -17,6 +17,6 @@ resource "aws_lakeformation_data_lake_settings" "emds_development" {
 
   admins = [
     "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/${data.aws_region.current.name}/${one(data.aws_iam_roles.modernisation_platform_sandbox_role.names)}",
-     data.aws_iam_role.github_actions_role.arn
+    data.aws_iam_role.github_actions_role.arn
   ]
 }

terraform/environments/electronic-monitoring-data/modules/landing_bucket/main.tf

@@ -88,8 +88,8 @@ module "kms_key" {
   source  = "terraform-aws-modules/kms/aws"
   version = "3.1.1"
 
-  aliases               = ["s3/landing_bucket_${var.data_feed}_${var.order_type}"]
-  description           = "${var.data_feed} ${var.order_type} landing bucket KMS key"
+  aliases     = ["s3/landing_bucket_${var.data_feed}_${var.order_type}"]
+  description = "${var.data_feed} ${var.order_type} landing bucket KMS key"
 
   # Give full access to key for root account, and lambda role ability to use.
   enable_default_policy = true

terraform/environments/electronic-monitoring-data/s3.tf

@@ -2,7 +2,7 @@ locals {
   bucket_prefix = "emds-${local.environment_shorthand}"
 
   mdss_supplier_account_mapping = {
-    "production" = null
+    "production"    = null
     "preproduction" = null
     "test" = {
       "account_number" = 173142358744

terraform/environments/oasys-national-reporting/locals_ec2_instances.tf

@@ -22,9 +22,9 @@ locals {
       }
       ebs_volumes = {
         "/dev/sda1" = { type = "gp3", size = 128 } # root volume
-        "xvdd" = { type = "gp3", size = 128 } # D:/ Temp
-        "xvde" = { type = "gp3", size = 128 } # E:/ App
-        "xvdf" = { type = "gp3", size = 700 } # F:/ Storage
+        "xvdd"      = { type = "gp3", size = 128 } # D:/ Temp
+        "xvde"      = { type = "gp3", size = 128 } # E:/ App
+        "xvdf"      = { type = "gp3", size = 700 } # F:/ Storage
       }
       instance = {
         disable_api_termination      = false

terraform/environments/oasys-national-reporting/locals_test.tf

@@ -135,7 +135,7 @@ locals {
           ])
           user_data_raw = base64encode(templatefile(
             "./templates/user-data-onr-bods-pwsh.yaml.tftpl", {
-            branch = "TM/TM-660/onr-bods-second-server"
+              branch = "TM/TM-660/onr-bods-second-server"
           }))
         })
         instance = merge(local.ec2_autoscaling_groups.bods.instance, {

terraform/environments/panda-cyber-appsec-lab/ec2.tf

@@ -7,7 +7,7 @@ resource "aws_instance" "kali_linux" {
   vpc_security_group_ids      = [aws_security_group.kali_linux_sg.id]
   iam_instance_profile        = aws_iam_instance_profile.ssm_instance_profile.name
   ebs_optimized               = true
-  
+
   metadata_options {
     http_tokens = "required"
   }

terraform/environments/ppud/iam.tf

@@ -1182,26 +1182,26 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
       ]
       },
       {
-	      "Sid"     : "S3BucketPolicy",
-        "Effect"  : "Allow",
-        "Action"  : [
+        "Sid" : "S3BucketPolicy",
+        "Effect" : "Allow",
+        "Action" : [
           "s3:GetObject",
           "s3:PutObject",
           "s3:DeleteObject"
         ],
         "Resource" : [
-           "arn:aws:s3:::moj-lambda-layers-dev",
-		       "arn:aws:s3:::moj-lambda-layers-dev/*"
+          "arn:aws:s3:::moj-lambda-layers-dev",
+          "arn:aws:s3:::moj-lambda-layers-dev/*"
         ]
       },
       {
-	      "Sid"     : "SSMPolicy",
-        "Effect"  : "Allow",
-        "Action"  : [
+        "Sid" : "SSMPolicy",
+        "Effect" : "Allow",
+        "Action" : [
           "ssm:GetParameter"
         ],
         "Resource" : [
-           "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:parameter/klayers-account"
+          "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:parameter/klayers-account"
         ]
       },
       {

terraform/environments/ppud/lambda.tf

@@ -506,17 +506,17 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_graph_dev" {
   timeout                        = 300
   depends_on                     = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_get_metric_data_to_lambda_role_cloudwatch_get_metric_data_dev]
   reserved_concurrent_executions = 5
- # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
- # dead_letter_config {
- #   target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
- # }
+  # code_signing_config_arn        = "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:code-signing-config:csc-0c7136ccff2de748f"
+  # dead_letter_config {
+  #   target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
+  # }
   tracing_config {
     mode = "Active"
   }
-   layers = [
-     "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-numpy:8",
-     "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-pillow:1",
-     aws_lambda_layer_version.lambda_layer_matplotlib_dev[0].arn 
+  layers = [
+    "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-numpy:8",
+    "arn:aws:lambda:eu-west-2:${data.aws_ssm_parameter.klayers_account_dev[0].value}:layer:Klayers-p312-pillow:1",
+    aws_lambda_layer_version.lambda_layer_matplotlib_dev[0].arn
   ]
 }
 

terraform/environments/tribunals/waf.tf

@@ -1,7 +1,7 @@
 resource "aws_wafv2_ip_set" "allowed_ip_set" {
-  provider  = aws.us-east-1
-  name      = "allowed-ip-set"
-  scope     = "CLOUDFRONT"
+  provider = aws.us-east-1
+  name     = "allowed-ip-set"
+  scope    = "CLOUDFRONT"
   addresses = [
     "20.26.11.71/32", "20.26.11.108/32", "20.49.214.199/32",
     "20.49.214.228/32", "51.149.249.0/29", "51.149.249.32/29",