listener per unique ports

ministryofjustice · Feb 9, 2024 · d2cf106 · d2cf106
1 parent 53ab13a
commit d2cf106
Show file tree

Hide file tree

Showing 17 changed files with 229 additions and 150 deletions.
diff --git a/terraform/environments/delius-core/locals_development.tf b/terraform/environments/delius-core/locals_development.tf
@@ -60,35 +60,57 @@ locals {
     }
   }
 
-  gdpr_config_dev = {
-    api_image_tag = "REPLACE"
-    ui_image_tag  = "REPLACE"
-  }
+  delius_microservices_configs_dev = {
+    gdpr_ui = {
+      image_tag      = "REPLACE"
+      container_port = 80
+    }
 
-  merge_config_dev = {
-    api_image_tag = "REPLACE"
-    ui_image_tag  = "REPLACE"
-  }
+    gdpr_api = {
+      image_tag      = "REPLACE"
+      container_port = 8080
+    }
 
-  weblogic_config_dev = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 4096
-    container_cpu    = 2048
-  }
+    merge_ui = {
+      image_tag      = "REPLACE"
+      container_port = 80
+    }
 
-  weblogic_eis_config_dev = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 2048
-    container_cpu    = 1024
-  }
+    merge_api = {
+      image_tag      = "REPLACE"
+      container_port = 8080
+    }
 
-  user_management_config_dev = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 4096
-    container_cpu    = 1024
+    weblogic = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 4096
+      container_cpu    = 2048
+    }
+
+    weblogic_eis = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 2048
+      container_cpu    = 1024
+    }
+
+    user_management = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 4096
+      container_cpu    = 1024
+    }
+
+    pwm = {
+      image_tag      = "5.7.6"
+      container_port = 8080
+    }
+
+    community_api = {
+      image_tag      = "REPLACE"
+      container_port = 8080
+    }
   }
 
   bastion_config_dev = {

diff --git a/terraform/environments/delius-core/locals_test.tf b/terraform/environments/delius-core/locals_test.tf
@@ -61,38 +61,53 @@ locals {
     }
   }
 
+  delius_microservices_configs_test = {
+    gdpr_ui = {
+      image_tag      = "REPLACE"
+      container_port = 80
+    }
 
-  weblogic_config_test = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 4096
-    container_cpu    = 2048
-  }
+    gdpr_api = {
+      image_tag      = "REPLACE"
+      container_port = 8080
+    }
 
-  weblogic_eis_config_test = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 2048
-    container_cpu    = 1024
-  }
+    merge_ui = {
+      image_tag      = "REPLACE"
+      container_port = 80
+    }
 
-  merge_config_test = {
-    api_image_tag = "REPLACE"
-    ui_image_tag  = "REPLACE"
-  }
+    merge_api = {
+      image_tag      = "REPLACE"
+      container_port = 8080
+    }
 
-  gdpr_config_test = {
-    api_image_tag = "REPLACE"
-    ui_image_tag  = "REPLACE"
-  }
+    weblogic = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 4096
+      container_cpu    = 2048
+    }
 
-  user_management_config_test = {
-    image_tag        = "5.7.6"
-    container_port   = 8080
-    container_memory = 4096
-    container_cpu    = 2048
-  }
+    weblogic_eis = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 2048
+      container_cpu    = 1024
+    }
 
+    user_management = {
+      image_tag        = "5.7.6"
+      container_port   = 8080
+      container_memory = 4096
+      container_cpu    = 1024
+    }
+
+    pwm = {
+      image_tag      = "5.7.6"
+      container_port = 8080
+    }
+  }
 
 
   bastion_config_test = {

diff --git a/terraform/environments/delius-core/main_development.tf b/terraform/environments/delius-core/main_development.tf
@@ -18,20 +18,18 @@ module "environment_dev" {
   app_name      = local.application_name
   platform_vars = local.platform_vars
 
-  account_config         = local.account_config
-  environment_config     = local.environment_config_dev
-  ldap_config            = local.ldap_config_dev
-  db_config              = local.db_config_dev
-  weblogic_config        = local.weblogic_config_dev
-  weblogic_eis_config    = local.weblogic_eis_config_dev
-  bastion_config         = local.bastion_config_dev
-  gdpr_config            = local.gdpr_config_dev
-  merge_config           = local.merge_config_dev
-  user_management_config = local.user_management_config_dev
-
-  account_info = local.account_info
+  account_config = local.account_config
+  account_info   = local.account_info
 
+  environment_config      = local.environment_config_dev
   environments_in_account = local.delius_environments_per_account.dev
 
+  bastion_config = local.bastion_config_dev
+
+  ldap_config = local.ldap_config_dev
+  db_config   = local.db_config_dev
+
+  delius_microservice_configs = local.delius_microservices_configs_dev
+
   tags = local.tags
 }
diff --git a/terraform/environments/delius-core/main_test.tf b/terraform/environments/delius-core/main_test.tf
@@ -19,20 +19,18 @@ module "environment_test" {
   app_name      = local.application_name
   platform_vars = local.platform_vars
 
-  account_config         = local.account_config
-  environment_config     = local.environment_config_test
-  ldap_config            = local.ldap_config_test
-  db_config              = local.db_config_test
-  weblogic_config        = local.weblogic_config_test
-  weblogic_eis_config    = local.weblogic_eis_config_test
-  merge_config           = local.merge_config_test
-  gdpr_config            = local.gdpr_config_test
-  bastion_config         = local.bastion_config_test
-  user_management_config = local.user_management_config_test
-
-  account_info = local.account_info
+  account_config = local.account_config
+  account_info   = local.account_info
 
+  environment_config      = local.environment_config_test
   environments_in_account = local.delius_environments_per_account.test
 
+  bastion_config = local.bastion_config_test
+
+  ldap_config = local.ldap_config_test
+  db_config   = local.db_config_test
+
+  delius_microservice_configs = local.delius_microservices_configs_test
+
   tags = local.tags
 }
diff --git a/...components/delius_microservice/alb_reg.tf → ...nts/delius_microservice/load_balancing.tf b/...components/delius_microservice/alb_reg.tf → ...nts/delius_microservice/load_balancing.tf
@@ -25,7 +25,7 @@ resource "aws_lb_target_group" "this" {
   }
 }
 
-resource "aws_lb_listener_rule" "this" {
+resource "aws_lb_listener_rule" "alb" {
   count        = var.alb_listener_rule_paths != null ? 1 : 0
   listener_arn = var.microservice_lb_https_listener_arn
   priority     = var.alb_listener_rule_priority != null ? var.alb_listener_rule_priority : null
@@ -39,3 +39,26 @@ resource "aws_lb_listener_rule" "this" {
     target_group_arn = aws_lb_target_group.this.arn
   }
 }
+
+resource "aws_lb_listener_rule" "nlb" {
+  count        = var.ecs_connectivity_nlb != "" ? 1 : 0
+  listener_arn = var.ecs_connectivity_nlb
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.this.arn
+  }
+  condition {
+    host_header {
+      values = aws_route53_record.nlb_target_group.name
+    }
+  }
+}
+
+resource "aws_route53_record" "nlb_target_group" {
+  provider = aws.core-vpc
+  zone_id  = var.account_config.route53_inner_zone_info.zone_id
+  name     = "${var.name}.service.${var.env_name}.${var.account_config.dns_suffix}"
+  type     = "CNAME"
+  ttl      = 60
+  records  = []
+}
diff --git a/terraform/environments/delius-core/modules/components/delius_microservice/variables.tf b/terraform/environments/delius-core/modules/components/delius_microservice/variables.tf
@@ -350,4 +350,10 @@ variable "container_cpu" {
   description = "The container cpu to use"
   type        = number
   default     = 512
+}
+
+variable "ecs_connectivity_nlb" {
+  description = "The NLB ARN to use for the ECS connectivity"
+  type        = string
+  default     = ""
 }
diff --git a/terraform/environments/delius-core/modules/environment_all_components/community_api.tf b/terraform/environments/delius-core/modules/environment_all_components/community_api.tf
@@ -1,14 +1,14 @@
 module "community_api" {
   source = "../components/delius_microservice"
 
-  name                  = var.community_api.name
+  name                  = "community-api"
   certificate_arn       = aws_acm_certificate.external.arn
   alb_security_group_id = aws_security_group.delius_frontend_alb_security_group.id
   env_name              = var.env_name
   container_port_config = [
     {
-      containerPort = var.community_api.container_port
-      protocol      = var.community_api.protocol
+      containerPort = var.delius_microservice_configs.community_api.container_port
+      protocol      = "tcp"
     }
   ]
   ecs_cluster_arn = module.ecs.ecs_cluster_arn
@@ -49,7 +49,7 @@ module "community_api" {
   # Please check with the app team what the rule path should be here.
   alb_listener_rule_paths = ["/secure", "/secure/*"]
   platform_vars           = var.platform_vars
-  container_image         = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-community-api-ecr-repo:${var.community_api.image_tag}"
+  container_image         = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-community-api-ecr-repo:${var.delius_microservice_configs.community_api.image_tag}"
   account_config          = var.account_config
   health_check_path       = "/health/ping"
   account_info            = var.account_info
@@ -101,4 +101,9 @@ module "community_api" {
       value = var.env_name
     }
   ]
+
+  providers = {
+    aws          = aws
+    aws.core-vpc = aws.core-vpc
+  }
 }
diff --git a/terraform/environments/delius-core/modules/environment_all_components/ecs_connect.tf b/terraform/environments/delius-core/modules/environment_all_components/ecs_connect.tf
@@ -24,3 +24,24 @@ resource "aws_vpc_security_group_ingress_rule" "from_bastion" {
   ip_protocol                  = "-1"
   security_group_id            = aws_security_group.delius_microservices_nlb.id
 }
+
+locals {
+  unique_container_ports = distinct([for _, v in var.delius_microservice_configs : v.container_port])
+}
+
+resource "aws_lb_listener" "delius_microservices_listener" {
+  for_each = {
+    for port in local.unique_container_ports : port => var.delius_microservice_configs
+  }
+  load_balancer_arn = aws_lb.delius_microservices.arn
+  port              = each.key
+  protocol          = "TCP"
+  default_action {
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/plain"
+      message_body = "Delius microservices listener"
+      status_code  = "200"
+    }
+  }
+}
diff --git a/terraform/environments/delius-core/modules/environment_all_components/gdpr_api_service.tf b/terraform/environments/delius-core/modules/environment_all_components/gdpr_api_service.tf
@@ -7,7 +7,7 @@ module "gdpr_api_service" {
   env_name              = var.env_name
   container_port_config = [
     {
-      containerPort = 8080
+      containerPort = var.delius_microservice_configs.gdpr_api.container_port
       protocol      = "tcp"
   }]
   ecs_cluster_arn = module.ecs.ecs_cluster_arn
@@ -34,7 +34,7 @@ module "gdpr_api_service" {
   microservice_lb_https_listener_arn = aws_lb_listener.listener_https.arn
   alb_listener_rule_paths            = ["/gdpr/api", "/gdpr/api/*"]
   platform_vars                      = var.platform_vars
-  container_image                    = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-gdpr-api-ecr-repo:${var.gdpr_config.api_image_tag}"
+  container_image                    = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-gdpr-api-ecr-repo:${var.delius_microservice_configs.gdpr_api.image_tag}"
   account_config                     = var.account_config
   health_check_path                  = "/gdpr/api/actuator/health"
   account_info                       = var.account_info
@@ -140,4 +140,9 @@ module "gdpr_api_service" {
       value = "classpath:/db"
     }
   ]
+
+  providers = {
+    aws          = aws
+    aws.core-vpc = aws.core-vpc
+  }
 }
diff --git a/terraform/environments/delius-core/modules/environment_all_components/gdpr_ui_service.tf b/terraform/environments/delius-core/modules/environment_all_components/gdpr_ui_service.tf
@@ -7,7 +7,7 @@ module "gdpr_ui_service" {
   env_name              = var.env_name
   container_port_config = [
     {
-      containerPort = 80
+      containerPort = var.delius_microservice_configs.gdpr_ui.container_port
       protocol      = "tcp"
     }
   ]
@@ -19,9 +19,14 @@ module "gdpr_ui_service" {
   microservice_lb_https_listener_arn = aws_lb_listener.listener_https.arn
   alb_listener_rule_paths            = ["/gdpr/ui", "/gdpr/ui/*"]
   platform_vars                      = var.platform_vars
-  container_image                    = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-gdpr-ui-ecr-repo:${var.gdpr_config.ui_image_tag}"
+  container_image                    = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/delius-core-gdpr-ui-ecr-repo:${var.delius_microservice_configs.gdpr_ui.image_tag}"
   account_config                     = var.account_config
   health_check_path                  = "/gdpr/ui/homepage"
   account_info                       = var.account_info
   container_environment_vars         = []
+
+  providers = {
+    aws          = aws
+    aws.core-vpc = aws.core-vpc
+  }
 }