Pre-Recorded Evidence Project - Core infrastructure
The infrastructure for PRE is brought up in 4 stages:
- https://github.com/hmcts/pre-network
- https://github.com/hmcts/pre-vault
- https://github.com/hmcts/pre-shared-infrastructure - YOU ARE HERE
- https://github.com/hmcts/pre-functions
The Terraform version is managed by the .terraform-version file in the root of the repo; you can update this whenever you want.
Please run terraform fmt before submitting a pull request.
Documentation is kept up-to-date using terraform-docs.
We've included pre-commit hooks to help with this.
Install it with:
$ brew install pre-commit
# or
$ pip3 install pre-commit
then run:
$ pre-commit install
- Make your changes locally
- Format your change with terraform fmt or the pre-commit hook
- Submit a pull request
- Check the terraform plan from the build link that will be posted on your PR
- Get someone else to review your PR
- Merge the PR
- It will automatically be deployed to AAT and Prod environments
- Once successful in AAT and Prod, merge your change to the demo, ithc, and perftest branches.
Sometimes it's useful to allow a specific user to skip email verification (2FA), e.g. when testing.
This can be done by editing the ./b2c/custom_policies/<env>/TrustFrameworkExtensions.xml file.
You will need to add a snippet like the following:
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>objectId</Value>
      <Value>a207a1b2-f39b-4e70-a211-bd7e26d7504e</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
to the
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <Preconditions>
        ...
block. The object ID can be obtained from that environment's Azure AD properties for the user.
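A check a reviewer could run over each environment's TrustFrameworkExtensions.xml to list every precondition of this kind, so a bypass added for testing is visible before the policy is deployed. This is an added example, not part of the repository; the sample policy, the placeholder object ID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (placeholder object ID, not from the repository).
SAMPLE_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <UserJourneys><UserJourney Id="SignUpOrSignIn"><OrchestrationSteps>
  <OrchestrationStep Order="4" Type="ClaimsExchange">
   <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
     <Value>objectId</Value>
     <Value>00000000-0000-0000-0000-000000000001</Value>
     <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
     <Value>isActiveMFASession</Value>
     <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
   </Preconditions>
  </OrchestrationStep>
 </OrchestrationSteps></UserJourney></UserJourneys>
</TrustFrameworkPolicy>"""


def named(elem, name):
    """Descendants of elem with the given local name, ignoring any namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def find_objectid_skips(policy_xml):
    """Return (step Order, object ID) for each precondition that skips an
    orchestration step when the objectId claim equals a fixed value."""
    findings = []
    for step in named(ET.fromstring(policy_xml), "OrchestrationStep"):
        for pre in named(step, "Precondition"):
            values = [(v.text or "").strip() for v in named(pre, "Value")]
            actions = [(a.text or "").strip() for a in named(pre, "Action")]
            if (pre.get("Type") == "ClaimEquals"
                    and pre.get("ExecuteActionsIf", "").lower() == "true"
                    and len(values) == 2 and values[0] == "objectId"
                    and "SkipThisOrchestrationStep" in actions):
                findings.append((step.get("Order"), values[1].lower()))
    return findings


def unapproved(findings, allowed_object_ids):
    """Findings whose object ID is not on the environment's allow-list."""
    allowed = {oid.lower() for oid in allowed_object_ids}
    return [f for f in findings if f[1] not in allowed]
```

In CI, read each ./b2c/custom_policies/<env>/TrustFrameworkExtensions.xml and fail the build when unapproved() returns anything; pass an empty allow-list for an environment where no bypass is acceptable.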
This project is licensed under the MIT License - see the LICENSE file for details.
Name | Version |
---|---|
azurerm | 3.115.0 |
random | >= 2.2.0 |
time | ~> 0.12 |
Name | Version |
---|---|
azuread | n/a |
azurerm | 3.115.0 |
azurerm.dev | 3.115.0 |
azurerm.mgmt | 3.115.0 |
azurerm.oms | 3.115.0 |
azurerm.private_dns | 3.115.0 |
azurerm.stg | 3.115.0 |
random | >= 2.2.0 |
Name | Source | Version |
---|---|---|
application_insights | git@github.com:hmcts/terraform-module-application-insights | main |
backup_vault | git@github.com:hmcts/pre-backup-vault.git/ | master |
data_store_db_v14 | git@github.com:hmcts/terraform-module-postgresql-flexible.git | master |
edit_vm | git@github.com:hmcts/terraform-module-virtual-machine.git | master |
finalsa_storage_account | git@github.com:hmcts/cnp-module-storage-account | 4.x |
finalsa_storage_account_backup | git@github.com:hmcts/cnp-module-storage-account | 4.x |
ingestsa_storage_account | git@github.com:hmcts/cnp-module-storage-account | 4.x |
ingestsa_storage_account_backup | git@github.com:hmcts/cnp-module-storage-account | 4.x |
log_analytics_workspace | git@github.com:hmcts/terraform-module-log-analytics-workspace-id.git | master |
sa_storage_account | git@github.com:hmcts/cnp-module-storage-account | 4.x |
sa_storage_account_backup | git@github.com:hmcts/cnp-module-storage-account | 4.x |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aks_subscription_id | n/a | string | "867a878b-cb68-4de5-9741-361ac9e178b6" | no |
apim_service_url | The URL of the pre-api for the APIm service | any | n/a | yes |
bastion_snet_address | n/a | any | n/a | yes |
cnp_vault_sub | The subscription ID of the subscription that contains the CNP KeyVault | any | n/a | yes |
common_tags | n/a | map(string) | n/a | yes |
cors_rules | cors rule for final storage account | list(object({ | [ | no |
database_name | n/a | string | "pre-db" | no |
dev_subscription_id | n/a | string | "867a878b-cb68-4de5-9741-361ac9e178b6" | no |
dns_resource_group | Private DNS zone configuration (for postgres) | string | "core-infra-intsvc-rg" | no |
dts_pre_backup_appreg_oid | n/a | any | n/a | yes |
dts_pre_ent_appreg_oid | n/a | any | n/a | yes |
dynatrace_server | The server URL, if you want to configure an alternative communication endpoint. | string | null | no |
edit_vm_data_disks | n/a | any | n/a | yes |
edit_vm_private_ip | n/a | any | n/a | yes |
env | n/a | any | n/a | yes |
hostgroup | n/a | any | null | no |
immutability_period_backup | n/a | any | n/a | yes |
install_dynatrace_oa | n/a | bool | true | no |
jenkins_AAD_objectId | n/a | any | n/a | yes |
jenkins_ptlsbox_appid | n/a | string | "a87b3880-6dce-4f9d-b4c4-c4cf3622cb5d" | no |
jenkins_ptlsbox_oid | n/a | string | "6df94cb5-c203-4493-bc8a-3f6aad1133e1" | no |
location | n/a | string | "UK South" | no |
location_backup | n/a | string | "UK West" | no |
mgmt_net_name | n/a | any | n/a | yes |
mgmt_net_rg_name | n/a | any | n/a | yes |
mgmt_subscription_id | n/a | any | n/a | yes |
num_vid_edit_vms | n/a | number | 1 | no |
pgsql_admin_username | n/a | string | "psqladmin" | no |
pgsql_storage_mb | n/a | string | "32768" | no |
pre_ent_appreg_app_id | n/a | any | n/a | yes |
private_dns_zone | n/a | string | "private.postgres.database.azure.com" | no |
privatendpt_snet_address | n/a | any | n/a | yes |
product | n/a | string | "pre" | no |
project | n/a | string | "sds" | no |
restore_policy_days | n/a | any | n/a | yes |
retention_duration | n/a | any | n/a | yes |
sa_account_tier | n/a | string | "Standard" | no |
sa_replication_type | n/a | string | "GRS" | no |
schedules | n/a | list(object({ | [] | no |
server | n/a | any | null | no |
stg_subscription_id | n/a | string | "74dacd4f-a248-45bb-a2f0-af700dc4cf68" | no |
tenant_id | n/a | any | n/a | yes |
video_edit_vm_snet_address | n/a | any | n/a | yes |
vm_type | n/a | string | "windows" | no |
vnet_address_space | n/a | any | n/a | yes |
zone | Availability Zone for Postgres | string | "1" | no |
Name | Description |
---|---|
b2c_asset_files | n/a |
b2c_content_files | n/a |
b2c_html_files | n/a |
b2c_map_files | n/a |