The Jenkins pipeline and infrastructure repo for pre-recorded-evidence

hmcts/pre-shared-infrastructure

Latest commit

damongreen123yashiknohmcts-jenkins-cnp[bot]
3344e6f · Dec 10, 2024

pre product infrastructure

Pre-Recorded Evidence Project - Core infrastructure

The infrastructure for PRE is brought up in 4 stages:

  1. https://github.com/hmcts/pre-network
  2. https://github.com/hmcts/pre-vault
  3. https://github.com/hmcts/pre-shared-infrastructure - YOU ARE HERE
  4. https://github.com/hmcts/pre-functions

Getting started

The Terraform version is managed by the .terraform-version file in the root of the repo; you can update it whenever you want.

Lint

Please run terraform fmt before submitting a pull request.

Documentation is kept up-to-date using terraform-docs.

We've included pre-commit hooks to help with this.

Install it with:

$ brew install pre-commit
# or
$ pip3 install pre-commit

then run:

$ pre-commit install

Workflow

  1. Make your changes locally
  2. Format your change with terraform fmt or the pre-commit hook
  3. Submit a pull request
  4. Check the terraform plan from the build link that will be posted on your PR
  5. Get someone else to review your PR
  6. Merge the PR
  7. It will automatically be deployed to AAT and Prod environments
  8. Once it is successful in AAT and Prod, merge your change to the demo, ithc, and perftest branches.

B2C

Bypassing 2FA

Sometimes it's useful to allow a specific user to skip email verification (2FA), e.g. when testing. This can be done by editing the ./b2c/custom_policies/<env>/TrustFrameworkExtensions.xml file. You will need to add a snippet like the following:

<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
  <Value>objectId</Value>
  <Value>a207a1b2-f39b-4e70-a211-bd7e26d7504e</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>

to the

<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
...

block. The object ID can be obtained from the user's Azure AD properties in that environment.
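
Because each such precondition exempts one account from email verification, it helps to be able to list every exemption present in a policy file before a change is merged. The following is an added example, not code from this repository: it parses a policy document and reports each ClaimEquals precondition on objectId that skips an orchestration step. The function names and the sample policy fragment (including the all-zero object ID and the isActiveMFASession claim) are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_2fa_bypasses(policy_xml):
    """Return (step order, objectId) for each precondition that skips an
    orchestration step when the objectId claim equals a fixed value."""
    hits = []
    for step in ET.fromstring(policy_xml).iter():
        if local(step.tag) != "OrchestrationStep":
            continue
        for pre in step.iter():
            if local(pre.tag) != "Precondition" or pre.get("Type") != "ClaimEquals":
                continue
            values = [c.text.strip() for c in pre if local(c.tag) == "Value" and c.text]
            actions = [c.text.strip() for c in pre if local(c.tag) == "Action" and c.text]
            if (pre.get("ExecuteActionsIf") == "true" and len(values) == 2
                    and values[0] == "objectId" and "SkipThisOrchestrationStep" in actions):
                hits.append((step.get("Order"), values[1]))
    return hits

# Constructed policy fragment; the object ID is a placeholder, not a real user.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <UserJourneys><UserJourney Id="SignIn"><OrchestrationSteps>
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>isActiveMFASession</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Value>00000000-0000-0000-0000-000000000000</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
    </OrchestrationStep>
  </OrchestrationSteps></UserJourney></UserJourneys>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the given files.
    docs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for name, text in docs.items():
        for order, oid in find_2fa_bypasses(text):
            print(f"{name}: step {order} is skipped for objectId {oid}")
```

Run it against each ./b2c/custom_policies/<env>/TrustFrameworkExtensions.xml to see which object IDs are exempt in which environment.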

LICENSE

This project is licensed under the MIT License - see the LICENSE file for details.

Requirements

Name Version
azurerm 3.115.0
random >= 2.2.0
time ~> 0.12

Providers

Name Version
azuread n/a
azurerm 3.115.0
azurerm.dev 3.115.0
azurerm.mgmt 3.115.0
azurerm.oms 3.115.0
azurerm.private_dns 3.115.0
azurerm.stg 3.115.0
random >= 2.2.0

Modules

Name Source Version
application_insights git@github.com:hmcts/terraform-module-application-insights main
backup_vault git@github.com:hmcts/pre-backup-vault.git/ master
data_store_db_v14 git@github.com:hmcts/terraform-module-postgresql-flexible.git master
edit_vm git@github.com:hmcts/terraform-module-virtual-machine.git master
finalsa_storage_account git@github.com:hmcts/cnp-module-storage-account 4.x
finalsa_storage_account_backup git@github.com:hmcts/cnp-module-storage-account 4.x
ingestsa_storage_account git@github.com:hmcts/cnp-module-storage-account 4.x
ingestsa_storage_account_backup git@github.com:hmcts/cnp-module-storage-account 4.x
log_analytics_workspace git@github.com:hmcts/terraform-module-log-analytics-workspace-id.git master
sa_storage_account git@github.com:hmcts/cnp-module-storage-account 4.x
sa_storage_account_backup git@github.com:hmcts/cnp-module-storage-account 4.x

Resources

Name Type
azurerm_key_vault_secret.API_POSTGRES_DATABASE resource
azurerm_key_vault_secret.API_POSTGRES_HOST resource
azurerm_key_vault_secret.API_POSTGRES_PASS resource
azurerm_key_vault_secret.API_POSTGRES_PORT resource
azurerm_key_vault_secret.API_POSTGRES_USER resource
azurerm_key_vault_secret.appinsights-key resource
azurerm_key_vault_secret.appinsights_connection_string resource
azurerm_key_vault_secret.edit_password resource
azurerm_key_vault_secret.edit_username resource
azurerm_key_vault_secret.finalsa_storage_account_connection_string resource
azurerm_key_vault_secret.ingestsa_storage_account_connection_string resource
azurerm_key_vault_secret.sa_storage_account_connection_string resource
azurerm_management_lock.storage-backup-final resource
azurerm_management_lock.storage-backup-ingest resource
azurerm_management_lock.storage-backup-sa resource
azurerm_media_content_key_policy.ams_default_policy resource
azurerm_media_content_key_policy.ams_test_dev_policy resource
azurerm_media_content_key_policy.ams_test_stg_policy resource
azurerm_media_services_account.ams resource
azurerm_media_transform.EncodeToMP resource
azurerm_media_transform.analysevideo resource
azurerm_monitor_action_group.pre-support resource
azurerm_monitor_diagnostic_setting.ams_1 resource
azurerm_monitor_diagnostic_setting.storageblobfinalsa resource
azurerm_monitor_diagnostic_setting.storageblobingestsa resource
azurerm_monitor_diagnostic_setting.storageblobsa resource
azurerm_monitor_metric_alert.postgres_alert_active_connections resource
azurerm_monitor_metric_alert.postgres_alert_cpu resource
azurerm_monitor_metric_alert.postgres_alert_failed_connections resource
azurerm_monitor_metric_alert.postgres_alert_memory resource
azurerm_monitor_metric_alert.postgres_alert_storage_utilization resource
azurerm_monitor_metric_alert.storage_final_alert_capacity resource
azurerm_monitor_metric_alert.storage_ingest_alert_capacity resource
azurerm_private_dns_zone_virtual_network_link.ams_zone_link resource
azurerm_private_endpoint.ams_streamingendpoint_private_endpoint resource
azurerm_role_assignment.powerapp_appreg_final resource
azurerm_role_assignment.powerapp_appreg_final_contrib resource
azurerm_role_assignment.powerapp_appreg_finalbackup resource
azurerm_role_assignment.powerapp_appreg_ingest resource
azurerm_role_assignment.powerapp_appreg_ingest_contrib resource
azurerm_role_assignment.powerapp_appreg_ingestfinal resource
azurerm_role_assignment.powerapp_appreg_sa resource
azurerm_role_assignment.powerapp_appreg_sa2 resource
azurerm_role_assignment.powerapp_appreg_sa_cont resource
azurerm_role_assignment.powerapp_appreg_sabackup resource
azurerm_role_assignment.pre_dev_mi_appreg_final_contrib resource
azurerm_role_assignment.pre_dev_mi_appreg_ingest_contrib resource
azurerm_role_assignment.pre_stg_mi_appreg_final_contrib resource
azurerm_role_assignment.pre_stg_mi_appreg_ingest_contrib resource
azurerm_role_assignment.sp_contributor resource
azurerm_role_assignment.vm_contributor resource
azurerm_role_assignment.vm_reader resource
azurerm_storage_blob.b2c_config resource
azurerm_storage_blob.b2c_config_assets resource
azurerm_storage_blob.b2c_config_maps resource
azurerm_storage_blob.b2c_html_file resource
azurerm_virtual_machine_extension.aad resource
azurerm_virtual_machine_extension.edit_init resource
random_password.vm_password resource
random_string.vm_username resource
azuread_group.edit_group data source
azuread_group.pre_group data source
azuread_service_principal.pre_sp data source
azurerm_bastion_host.bastion data source
azurerm_client_config.current data source
azurerm_key_vault.keyvault data source
azurerm_key_vault_secret.apim-sub-editvm-primary-key data source
azurerm_key_vault_secret.dynatrace-tenant-id data source
azurerm_key_vault_secret.dynatrace-token data source
azurerm_key_vault_secret.robot-x-user-id data source
azurerm_key_vault_secret.slack_monitoring_address data source
azurerm_key_vault_secret.symmetrickey data source
azurerm_log_analytics_workspace.loganalytics data source
azurerm_resource_group.rg data source
azurerm_subnet.endpoint_subnet data source
azurerm_subnet.jenkins_subnet data source
azurerm_subnet.pipelineagent_subnet data source
azurerm_subnet.videoedit_subnet data source
azurerm_subscription.current data source
azurerm_user_assigned_identity.managed_identity data source
azurerm_user_assigned_identity.pre_dev_mi data source
azurerm_user_assigned_identity.pre_stg_mi data source
azurerm_virtual_network.vnet data source

Inputs

Name Description Type Default Required
aks_subscription_id n/a string "867a878b-cb68-4de5-9741-361ac9e178b6" no
apim_service_url The URL of the pre-api for the APIm service any n/a yes
bastion_snet_address n/a any n/a yes
cnp_vault_sub The subscription ID of the subscription that contains the CNP KeyVault any n/a yes
common_tags n/a map(string) n/a yes
cors_rules cors rule for final storage account
  list(object({
    allowed_headers = list(string)
    allowed_methods = list(string)
    allowed_origins = list(string)
    exposed_headers = list(string)
    max_age_in_seconds = number
  }))
  [
    {
      "allowed_headers": [
        ""
      ],
      "allowed_methods": [
        "GET",
        "POST"
      ],
      "allowed_origins": [
        "https://.justice.gov.uk",
        "https://.blob.core.windows.net",
        "https://.files.core.windows.net"
      ],
      "exposed_headers": [
        "*"
      ],
      "max_age_in_seconds": 600
    }
  ]
  no
database_name n/a string "pre-db" no
dev_subscription_id n/a string "867a878b-cb68-4de5-9741-361ac9e178b6" no
dns_resource_group Private DNS zone configuration (for postgres) string "core-infra-intsvc-rg" no
dts_pre_backup_appreg_oid n/a any n/a yes
dts_pre_ent_appreg_oid n/a any n/a yes
dynatrace_server The server URL, if you want to configure an alternative communication endpoint. string null no
edit_vm_data_disks n/a any n/a yes
edit_vm_private_ip n/a any n/a yes
env n/a any n/a yes
hostgroup n/a any null no
immutability_period_backup n/a any n/a yes
install_dynatrace_oa n/a bool true no
jenkins_AAD_objectId n/a any n/a yes
jenkins_ptlsbox_appid n/a string "a87b3880-6dce-4f9d-b4c4-c4cf3622cb5d" no
jenkins_ptlsbox_oid n/a string "6df94cb5-c203-4493-bc8a-3f6aad1133e1" no
location n/a string "UK South" no
location_backup n/a string "UK West" no
mgmt_net_name n/a any n/a yes
mgmt_net_rg_name n/a any n/a yes
mgmt_subscription_id n/a any n/a yes
num_vid_edit_vms n/a number 1 no
pgsql_admin_username n/a string "psqladmin" no
pgsql_storage_mb n/a string "32768" no
pre_ent_appreg_app_id n/a any n/a yes
private_dns_zone n/a string "private.postgres.database.azure.com" no
privatendpt_snet_address n/a any n/a yes
product n/a string "pre" no
project n/a string "sds" no
restore_policy_days n/a any n/a yes
retention_duration n/a any n/a yes
sa_account_tier n/a string "Standard" no
sa_replication_type n/a string "GRS" no
schedules n/a
  list(object({
    name = string
    frequency = string
    interval = number
    run_time = string
    start_vm = bool
  }))
  [] no
server n/a any null no
stg_subscription_id n/a string "74dacd4f-a248-45bb-a2f0-af700dc4cf68" no
tenant_id n/a any n/a yes
video_edit_vm_snet_address n/a any n/a yes
vm_type n/a string "windows" no
vnet_address_space n/a any n/a yes
zone Availability Zone for Postgres string "1" no

Outputs

Name Description
b2c_asset_files n/a
b2c_content_files n/a
b2c_html_files n/a
b2c_map_files n/a
