DPAT: Building out DataHub components #4162

Merged
merged 7 commits into from
Nov 29, 2023

@julialawrence julialawrence commented Nov 28, 2023

ministryofjustice/analytical-platform#2454

Implements the following components to support DataHub deployment:

  • Ingestion IAM role/policy
  • RDS database (using data sources for resources provisioned in MP repo)
  • RDS security group
  • Encryption key

Note:

Resources deployed in the MP repo are retrieved via data source TF calls.

Caveats:

  • Helm deployments still done locally.

Still Outstanding:

  • OpenSearch
  • AWS Kafka-equivalent

@github-actions github-actions bot added the environments-repository Used to exclude PRs from this repo in our Slack PR update label Nov 28, 2023
@julialawrence julialawrence changed the title #data-platform/2454: Bulding out DataHub components DPAT: Building out DataHub components Nov 28, 2023

TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:
terraform/environments/hmpps-domain-services terraform/environments/hmpps-domain-services/templates

*****************************

Running TFSEC in terraform/environments/hmpps-domain-services
Excluding the following checks: AWS095

======================================================
tfsec is joining the Trivy family

tfsec will continue to remain available 
for the time being, although our engineering 
attention will be directed at Trivy going forward.

You can read more here: 
https://github.com/aquasecurity/tfsec/discussions/1994
======================================================
  timings
  ──────────────────────────────────────────
  disk i/o             1.506874ms
  parsing              141.807603ms
  adaptation           105.708µs
  checks               3.613901ms
  total                147.034086ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     268
  files read           71

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

*****************************

Running TFSEC in terraform/environments/hmpps-domain-services/templates
Skipping folder as path name contains *templates*

Checkov Scan Failed

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/hmpps-domain-services terraform/environments/hmpps-domain-services/templates

*****************************

Running Checkov in terraform/environments/hmpps-domain-services
terraform scan results:

Passed checks: 92, Failed checks: 1, Skipped checks: 19

Check: CKV_AWS_103: "Ensure that load balancer is using at least TLS 1.2"
	FAILED for resource: module.baseline.module.lb_listener.aws_lb_listener.this
	File: /../../modules/lb_listener/main.tf:1-61
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-43

		Code lines for this resource are too many. Please use IDE of your choice to review the file.

checkov_exitcode=1

*****************************

Running Checkov in terraform/environments/hmpps-domain-services/templates
Skipping folder as path name contains *templates*

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/hmpps-domain-services terraform/environments/hmpps-domain-services/templates

*****************************

Running tflint in terraform/environments/hmpps-domain-services
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

*****************************

Running tflint in terraform/environments/hmpps-domain-services/templates
Skipping folder as path name contains *templates*
tflint_exitcode=0

@julialawrence julialawrence temporarily deployed to data-platform-apps-and-tools-development November 28, 2023 13:07 — with GitHub Actions Inactive
@julialawrence julialawrence had a problem deploying to data-platform-apps-and-tools-development November 28, 2023 16:20 — with GitHub Actions Failure

TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:

@julialawrence julialawrence temporarily deployed to data-platform-apps-and-tools-development November 29, 2023 13:57 — with GitHub Actions Inactive

TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:

@julialawrence julialawrence temporarily deployed to data-platform-apps-and-tools-development November 29, 2023 15:15 — with GitHub Actions Inactive

TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running TFSEC in terraform/environments/hmpps-oem
Excluding the following checks: AWS095

  timings
  ──────────────────────────────────────────
  disk i/o             1.41262ms
  parsing              138.437755ms
  adaptation           109.775µs
  checks               10.4848ms
  total                150.44495ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     270
  files read           71

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running Checkov in terraform/environments/hmpps-oem
terraform scan results:

Passed checks: 107, Failed checks: 0, Skipped checks: 19


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running tflint in terraform/environments/hmpps-oem
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

@julialawrence julialawrence marked this pull request as ready for review November 29, 2023 15:29
@julialawrence julialawrence requested review from a team as code owners November 29, 2023 15:29
@julialawrence julialawrence had a problem deploying to data-platform-apps-and-tools-development November 29, 2023 15:31 — with GitHub Actions Failure
@julialawrence julialawrence temporarily deployed to data-platform-apps-and-tools-development November 29, 2023 15:36 — with GitHub Actions Inactive

TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running TFSEC in terraform/environments/hmpps-oem
Excluding the following checks: AWS095

  timings
  ──────────────────────────────────────────
  disk i/o             3.874281ms
  parsing              134.916194ms
  adaptation           108.553µs
  checks               3.229211ms
  total                142.128239ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     270
  files read           71

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running Checkov in terraform/environments/hmpps-oem
terraform scan results:

Passed checks: 107, Failed checks: 0, Skipped checks: 19


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running tflint in terraform/environments/hmpps-oem
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0


TFSEC Scan Success

Show Output
*****************************

TFSEC will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running TFSEC in terraform/environments/hmpps-oem
Excluding the following checks: AWS095

  timings
  ──────────────────────────────────────────
  disk i/o             1.700228ms
  parsing              151.156867ms
  adaptation           114.474µs
  checks               4.172014ms
  total                157.143583ms

  counts
  ──────────────────────────────────────────
  modules downloaded   0
  modules processed    5
  blocks processed     270
  files read           71

  results
  ──────────────────────────────────────────
  passed               1
  ignored              0
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

Show Output
*****************************

Checkov will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running Checkov in terraform/environments/hmpps-oem
terraform scan results:

Passed checks: 107, Failed checks: 0, Skipped checks: 19


checkov_exitcode=0

CTFLint Scan Success

Show Output
*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.2.1)
tflint will check the following folders:
terraform/environments/hmpps-oem

*****************************

Running tflint in terraform/environments/hmpps-oem
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

@julialawrence julialawrence merged commit 86329bd into main Nov 29, 2023
12 checks passed
@julialawrence julialawrence deleted the feature/build-datahub branch November 29, 2023 15:44