From 55d5e71cf8b4851d1c878bb729aaf3fb628cecf2 Mon Sep 17 00:00:00 2001 From: Adam <74552077+adamtry@users.noreply.github.com> Date: Tue, 1 Apr 2025 09:12:43 +0100 Subject: [PATCH 01/17] Update canary nodejs (#49) --- ReferenceDataApi/serverless.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ReferenceDataApi/serverless.yml b/ReferenceDataApi/serverless.yml index 952a42c..339ba30 100644 --- a/ReferenceDataApi/serverless.yml +++ b/ReferenceDataApi/serverless.yml @@ -132,7 +132,7 @@ resources: - - 'arn:aws:iam:' - Ref: 'AWS::AccountId' - role/LBH_Canary_Role - RuntimeVersion: syn-nodejs-puppeteer-3.1 + RuntimeVersion: syn-nodejs-puppeteer-9.1 RunConfig: TimeoutInSeconds: 300 EnvironmentVariables: From 64131d1f06df4b238980944c17ad20b8ea4e7769 Mon Sep 17 00:00:00 2001 From: LBHTKarki Date: Tue, 20 May 2025 15:43:07 +0100 Subject: [PATCH 02/17] add pre-production workflows --- .circleci/config.yml | 276 ++++++++++++------ ReferenceDataApi/serverless.yml | 14 +- terraform/pre-production/maint.tf | 81 +++++ .../terraform-compliance/opensearch.feature | 25 ++ terraform/pre-production/variables.tf | 9 + 5 files changed, 307 insertions(+), 98 deletions(-) create mode 100644 terraform/pre-production/maint.tf create mode 100644 terraform/pre-production/terraform-compliance/opensearch.feature create mode 100644 terraform/pre-production/variables.tf diff --git a/.circleci/config.yml b/.circleci/config.yml index 4f734b7..2ac3fce 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -229,113 +229,211 @@ jobs: steps: - deploy-lambda: stage: "production" + assume-role-pre-production: + executor: docker-python + steps: + - assume-role-and-persist-workspace: + aws-account: $AWS_ACCOUNT_PRE_PRODUCTION + terraform-init-and-plan-pre-production: + executor: docker-terraform + steps: + - terraform-init-then-plan: + environment: "pre-production" + terraform-compliance-pre-production: + executor: docker-terraform + steps: + - terraform-compliance: + environment: "pre-production" + terraform-apply-pre-production: + executor: docker-terraform + steps: + - terraform-apply: + environment: "pre-production" + deploy-to-pre-production: + executor: docker-dotnet + steps: + - deploy-lambda: + stage: "pre-production" workflows: - check: + # check: + # jobs: + # - check-code-formatting: + # context: api-nuget-token-context + # filters: + # branches: + # ignore: + # - master + # - release + # - build-and-test: + # context: + # - api-nuget-token-context + # - SonarCloud + # filters: + # branches: + # ignore: + # - master + # - release + + # check-and-deploy-development: + # jobs: + # - check-code-formatting: + # context: api-nuget-token-context + # filters: + # branches: + # only: master + # - build-and-test: + # context: + # - api-nuget-token-context + # - SonarCloud + # filters: + # branches: + # only: master + # - assume-role-development: + # context: api-assume-role-housing-development-context + # requires: + # - build-and-test + # - terraform-init-and-plan-development: + # requires: + # - assume-role-development + # - terraform-compliance-development: + # requires: + # - terraform-init-and-plan-development + # - terraform-apply-development: + # requires: + # - terraform-compliance-development + # - deploy-to-development: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - terraform-apply-development + + # check-and-deploy-staging-and-production: + # jobs: + # - build-and-test: + # context: + # - api-nuget-token-context 
+ # - SonarCloud + # filters: + # branches: + # only: release + # - assume-role-staging: + # context: api-assume-role-housing-staging-context + # requires: + # - build-and-test + # - terraform-init-and-plan-staging: + # requires: + # - assume-role-staging + # - terraform-compliance-staging: + # requires: + # - terraform-init-and-plan-staging + # - terraform-apply-staging: + # requires: + # - terraform-compliance-staging + # - deploy-to-staging: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - terraform-apply-staging + # - permit-production-terraform-release: + # type: approval + # requires: + # - deploy-to-staging + # - assume-role-production: + # context: api-assume-role-housing-production-context + # requires: + # - permit-production-terraform-release + # - terraform-init-and-plan-production: + # requires: + # - assume-role-production + # - terraform-compliance-production: + # requires: + # - terraform-init-and-plan-production + # - terraform-apply-production: + # requires: + # - terraform-compliance-production + # - permit-production-release: + # type: approval + # requires: + # - terraform-apply-production + # - deploy-to-production: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - permit-production-release + + deploy-terraform-pre-production: jobs: - - check-code-formatting: - context: api-nuget-token-context + - permit-pre-production-terraform-workflow: + type: approval filters: branches: - ignore: - - master - - release - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud + only: ts-2045-add-pre-production-workflows + - assume-role-pre-production: + context: api-assume-role-housing-pre-production-context + requires: + - permit-pre-production-terraform-workflow filters: branches: - ignore: - - master - - release - - check-and-deploy-development: - jobs: - - check-code-formatting: - context: api-nuget-token-context + only: 
ts-2045-add-pre-production-workflows + - terraform-init-and-plan-pre-production: + requires: + - assume-role-pre-production filters: branches: - only: master - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: master - - assume-role-development: - context: api-assume-role-housing-development-context - requires: - - build-and-test - - terraform-init-and-plan-development: - requires: - - assume-role-development - - terraform-compliance-development: + only: ts-2045-add-pre-production-workflows + - terraform-compliance-pre-production: requires: - - terraform-init-and-plan-development - - terraform-apply-development: + - terraform-init-and-plan-pre-production + filters: + branches: + only: ts-2045-add-pre-production-workflows + - permit-pre-production-terraform-deployment: + type: approval requires: - - terraform-compliance-development - - deploy-to-development: - context: - - api-nuget-token-context - - "Serverless Framework" + - terraform-compliance-pre-production + filters: + branches: + only: ts-2045-add-pre-production-workflows + - terraform-apply-pre-production: requires: - - terraform-apply-development + - permit-pre-production-terraform-deployment + filters: + branches: + only: ts-2045-add-pre-production-workflows - check-and-deploy-staging-and-production: + deploy-code-pre-production: jobs: - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud + - permit-pre-production-code-workflow: + type: approval filters: branches: - only: release - - assume-role-staging: - context: api-assume-role-housing-staging-context - requires: - - build-and-test - - terraform-init-and-plan-staging: - requires: - - assume-role-staging - - terraform-compliance-staging: - requires: - - terraform-init-and-plan-staging - - terraform-apply-staging: + only: ts-2045-add-pre-production-workflows + - build-and-test: requires: - - terraform-compliance-staging - - deploy-to-staging: - context: + - 
permit-pre-production-code-workflow + context: - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-apply-staging - - permit-production-terraform-release: - type: approval - requires: - - deploy-to-staging - - assume-role-production: - context: api-assume-role-housing-production-context - requires: - - permit-production-terraform-release - - terraform-init-and-plan-production: - requires: - - assume-role-production - - terraform-compliance-production: - requires: - - terraform-init-and-plan-production - - terraform-apply-production: - requires: - - terraform-compliance-production - - permit-production-release: - type: approval + - SonarCloud + filters: + branches: + only: ts-2045-add-pre-production-workflows + - assume-role-pre-production: + context: api-assume-role-housing-pre-production-context requires: - - terraform-apply-production - - deploy-to-production: + - build-and-test + filters: + branches: + only: ts-2045-add-pre-production-workflows + - deploy-to-pre-production: context: - - api-nuget-token-context - - "Serverless Framework" + - api-nuget-token-context + - "Serverless Framework" requires: - - permit-production-release + - assume-role-pre-production + filters: + branches: + only: ts-2045-add-pre-production-workflows diff --git a/ReferenceDataApi/serverless.yml b/ReferenceDataApi/serverless.yml index 339ba30..56335ef 100644 --- a/ReferenceDataApi/serverless.yml +++ b/ReferenceDataApi/serverless.yml @@ -100,15 +100,6 @@ resources: - Ref: 'AWS::Region' - Ref: 'AWS::AccountId' - 'log-group:/aws/lambda/*:*:*' - - Effect: "Allow" - Action: - - "s3:PutObject" - - "s3:GetObject" - Resource: - Fn::Join: - - "" - - - "arn:aws:s3:::" - - "Ref": "ServerlessDeploymentBucket" - PolicyName: lambdaInvocation PolicyDocument: Version: '2012-10-17' 
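Review bot: The new side of this `.circleci/config.yml` hunk comments out the `check`, `check-and-deploy-development` and `check-and-deploy-staging-and-production` workflows and filters every pre-production job on `only: ts-2045-add-pre-production-workflows`. As written, `master` and `release` get no formatting check, test run or deployment, and the pre-production assume-role context is reachable from a feature branch. If this is scaffolding for testing the pipeline, restore the three workflows and point the filters at the long-lived branch, e.g. `only: release`, before merging. Until then, confirm that the branch is protected or that `api-assume-role-housing-pre-production-context` is a restricted context, because the approval job is the only barrier in front of `terraform-apply-pre-production` and `deploy-to-pre-production`. The same pattern recurs in PATCH 07/17 (the workflows are commented out again) and PATCH 08/17 (`deploy-code-pre-production` is filtered to `ts-2045-add-sg-config-for-the-lambda` with no approval job).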
@@ -154,6 +145,7 @@ custom: development: arn:aws:lambda:eu-west-2:859159924354:function:api-auth-verify-token-new-development-apiauthverifytokennew staging: arn:aws:lambda:eu-west-2:715003523189:function:api-auth-verify-token-new-staging-apiauthverifytokennew production: arn:aws:lambda:eu-west-2:153306643385:function:api-auth-verify-token-new-production-apiauthverifytokennew + pre-production: arn:aws:lambda:eu-west-2:578479666894:function:api-auth-verify-token-new-pre-production-apiauthverifytokennew safeguards: - title: Require authorizer safeguard: require-authorizer @@ -187,3 +179,7 @@ custom: subnetIds: - subnet-06a697d86a9b6ed01 - subnet-0beb266003a56ca82 + pre-production: + subnetIds: + - subnet-08aa35159a8706faa + - subnet-0b848c5b14f841dfb diff --git a/terraform/pre-production/maint.tf b/terraform/pre-production/maint.tf new file mode 100644 index 0000000..8912a42 --- /dev/null +++ b/terraform/pre-production/maint.tf 
@@ -0,0 +1,81 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = "eu-west-2"
+ default_tags {
+ tags = {
+ Name = "reference-data-api-${var.environment_name}"
+ Environment = var.environment_name
+ terraform-managed = true
+ project_name = var.project_name
+ Application = "MTFH Housing Pre-Production"
+ TeamEmail = "developementteam@hackney.gov.uk"
+ BackupPolicy = "Dev"
+ Confidentiality = "Internal"
+ }
+ }
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_region" "current" {}
+
+locals {
+ esDomain = "https://${module.elasticsearch_db_pre_production.es_endpoint_url}"
+}
+
+terraform {
+ backend "s3" {
+ bucket = "housing-pre-production-terraform-state"
+ encrypt = true
+ region = "eu-west-2"
+ key = "services/reference-data-api/state"
+ dynamodb_table = "housing-pre-production-terraform-state-lock"
+ }
+}
+
+data "aws_vpc" "pre_production_vpc" {
+ tags = {
+ Name = "housing-pre-prod-pre-prod"
+ }
+}
+
+data "aws_subnet_ids" "pre_production" {
+ vpc_id = data.aws_vpc.pre_production_vpc.id
+ filter {
+ name = "tag:Type"
+ values = ["private"]
+ }
+}
+
+module "elasticsearch_db_pre_production" {
+ source = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/database/elasticsearch"
+ vpc_id = data.aws_vpc.pre_production_vpc.id
+ environment_name = "pre-production"
+ port = 443
+ domain_name = "reference-data-api-es"
+ subnet_ids = data.aws_subnet_ids.pre_production.ids
+ project_name = "reference-data-api"
+ es_version = "7.8"
+ encrypt_at_rest = "true"
+ instance_type = "t3.small.elasticsearch"
+ instance_count = "2"
+ ebs_enabled = "true"
+ ebs_volume_size = "30"
+ region = data.aws_region.current.name
+ account_id = data.aws_caller_identity.current.account_id
+ create_service_role = false
+}
+
+resource "aws_ssm_parameter" "reference_data_elasticsearch_domain" {
+ name = "/reference-data-api/pre-production/elasticsearch-domain"
+ type = "String"
+ value = local.esDomain
+}
diff --git a/terraform/pre-production/terraform-compliance/opensearch.feature b/terraform/pre-production/terraform-compliance/opensearch.feature
new file mode 100644
index 0000000..ff7830f
--- /dev/null
+++ b/terraform/pre-production/terraform-compliance/opensearch.feature
@@ -0,0 +1,25 @@
+Feature: OpenSearch is used to host the ElasticSearch clusters
+ In order to improve security
+ As engineers
+ We'll use ensure our OpenSearch clusters are configured correctly
+
+ Scenario: Ensure it is deployed in a VPC
+ Given I have aws_elasticsearch_domain defined
+ Then it must contain vpc_options
+
+ Scenario: Ensure OpenSearch clusters are encrypted at rest
+ Given I have aws_elasticsearch_domain defined
+ Then it must contain encrypt_at_rest
+ And its enabled property must be true
+
+ Scenario: Ensure minimum instance count is 2
+ Given I have aws_elasticsearch_domain defined
+ Then it must contain cluster_config
+ And it must contain instance_count
+ And its value must be greater and equal to 2
+
+ Scenario: Ensure instance type is small or medium
+ Given I have aws_elasticsearch_domain defined
+ Then it must contain cluster_config
+ And it must contain instance_type
+ And its value must match the "^(t3\.small\.elasticsearch|t3\.medium\.elasticsearch)" regex
diff --git a/terraform/pre-production/variables.tf b/terraform/pre-production/variables.tf
new file mode 100644
index 0000000..c92cb7b
--- /dev/null
+++ b/terraform/pre-production/variables.tf
@@ -0,0 +1,9 @@
+variable "environment_name" {
+ type = string
+ default = "pre-prod"
+}
+
+variable "project_name" {
+ type = string
+ default = "Housing-Pre-Production"
+}
From ddef997db15a8619b3c1451f97ffd4689d99f0da Mon Sep 17 00:00:00 2001
From: LBHTKarki
Date: Tue, 20 May 2025 15:50:45 +0100
Subject: [PATCH 03/17] fix subnet config for pre-prod es
---
 terraform/pre-production/maint.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
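Review bot: The `elasticsearch_db_pre_production` module in maint.tf is sourced from `github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/database/elasticsearch` with no `ref`. Every `terraform init` therefore takes whatever is on that repository's default branch, and a change there reaches pre-production without review in this repo. Pin it to a tag or commit, e.g. `source = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/database/elasticsearch?ref=PINNED_TAG_OR_COMMIT"` (placeholder value). Separately, `maint.tf` looks like a typo for `main.tf`, and the module receives the literal "pre-production" while `var.environment_name` defaults to "pre-prod" in variables.tf, so a short comment saying which spelling is intended where would help.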
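Review bot: The scenarios in opensearch.feature cover VPC placement and encryption at rest but nothing about encryption in transit, so a domain without node-to-node encryption or HTTPS enforcement would still pass this suite. Consider adding scenarios for `node_to_node_encryption` and `domain_endpoint_options`, modelled on the existing `encrypt_at_rest` scenario. Whether the shared module already sets these is not visible here, so check the plan output before enabling them. The instance-type regex also has no end anchor; closing it with `)$` makes it match only the two listed types.

```gherkin
  Scenario: Ensure node-to-node encryption is enabled
    Given I have aws_elasticsearch_domain defined
    Then it must contain node_to_node_encryption
    And its enabled property must be true

  Scenario: Ensure HTTPS is enforced on the domain endpoint
    Given I have aws_elasticsearch_domain defined
    Then it must contain domain_endpoint_options
    And its enforce_https property must be true
```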
diff --git a/terraform/pre-production/maint.tf b/terraform/pre-production/maint.tf
index 8912a42..c1d125e 100644
--- a/terraform/pre-production/maint.tf
+++ b/terraform/pre-production/maint.tf
@@ -61,7 +61,7 @@ module "elasticsearch_db_pre_production" {
 environment_name = "pre-production"
 port = 443
 domain_name = "reference-data-api-es"
- subnet_ids = data.aws_subnet_ids.pre_production.ids
+ subnet_ids = [tolist(data.aws_subnet_ids.development.ids)[0]]
 project_name = "reference-data-api"
 es_version = "7.8"
 encrypt_at_rest = "true"
From 1714f7991f2c7d4e8c714b9a197a56288f77d9e6 Mon Sep 17 00:00:00 2001
From: LBHTKarki
Date: Tue, 20 May 2025 15:52:13 +0100
Subject: [PATCH 04/17] fix subnet reference
---
 terraform/pre-production/maint.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/pre-production/maint.tf b/terraform/pre-production/maint.tf
index c1d125e..e31c308 100644
--- a/terraform/pre-production/maint.tf
+++ b/terraform/pre-production/maint.tf
@@ -61,7 +61,7 @@ module "elasticsearch_db_pre_production" {
 environment_name = "pre-production"
 port = 443
 domain_name = "reference-data-api-es"
- subnet_ids = [tolist(data.aws_subnet_ids.development.ids)[0]]
+ subnet_ids = [tolist(data.aws_subnet_ids.pre_production.ids)[0]]
 project_name = "reference-data-api"
 es_version = "7.8"
 encrypt_at_rest = "true"
From db457961daf0b5bf1a60da104aa7b7a15ab66e63 Mon Sep 17 00:00:00 2001
From: LBHTKarki
Date: Tue, 20 May 2025 16:17:25 +0100
Subject: [PATCH 05/17] add ssm parameter for pre-prod reference token
---
 terraform/pre-production/aws_ssm_parameter.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 terraform/pre-production/aws_ssm_parameter.tf
diff --git a/terraform/pre-production/aws_ssm_parameter.tf b/terraform/pre-production/aws_ssm_parameter.tf
new file mode 100644
index 0000000..fe32f64
--- /dev/null
+++ b/terraform/pre-production/aws_ssm_parameter.tf
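Review bot: `subnet_ids` in PATCH 03/17 references `data.aws_subnet_ids.development`, which maint.tf never declares; the only subnet data source it adds is `data.aws_subnet_ids.pre_production`. That commit therefore cannot plan on its own, and PATCH 04/17 corrects the name. The resulting `[tolist(data.aws_subnet_ids.pre_production.ids)[0]]` places the domain in a single subnet while `instance_count` stays "2", so both nodes presumably share one availability zone, and which subnet is chosen follows the set's ordering rather than an explicit choice. A comment on that line saying why one subnet is used, e.g. `# single subnet on purpose: zone awareness is off in the shared module (confirm)`, would stop a later reader from reverting it. The module block continues outside both hunks.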
@@ -0,0 +1,11 @@
+resource "aws_ssm_parameter" "reference_data_token" {
+ name = "/housing-tl/pre-production/reference-data-token"
+ type = "String"
+ value = "to_be_set_manually"
+
+ lifecycle {
+ ignore_changes = [
+ value,
+ ]
+ }
+}
From 3d9703c93cb627399b21cd1fc46b72cc333e09a8 Mon Sep 17 00:00:00 2001
From: LBHTKarki
Date: Tue, 20 May 2025 16:31:38 +0100
Subject: [PATCH 06/17] remove approval from pre-prod workflow
---
 .circleci/config.yml | 237 +++++++++++++++++++++----------------------
 1 file changed, 115 insertions(+), 122 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 2ac3fce..b8a611c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
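Review bot: `reference_data_token` is declared with `type = "String"`, so once the real token is set by hand it is stored unencrypted and returned in clear text to any principal with `ssm:GetParameter` on that path. A token parameter should be `type = "SecureString"`, which encrypts it with KMS and makes reads require decrypt permission. Consumers would then need to request the value with decryption enabled; that code is not visible in this patch, so check it before switching.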
@@ -256,114 +256,114 @@ jobs: stage: "pre-production" workflows: - # check: - # jobs: - # - check-code-formatting: - # context: api-nuget-token-context - # filters: - # branches: - # ignore: - # - master - # - release - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # ignore: - # - master - # - release + check: + jobs: + - check-code-formatting: + context: api-nuget-token-context + filters: + branches: + ignore: + - master + - release + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + ignore: + - master + - release - # check-and-deploy-development: - # jobs: - # - check-code-formatting: - # context: api-nuget-token-context - # filters: - # branches: - # only: master - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # only: master - # - assume-role-development: - # context: api-assume-role-housing-development-context - # requires: - # - build-and-test - # - terraform-init-and-plan-development: - # requires: - # - assume-role-development - # - terraform-compliance-development: - # requires: - # - terraform-init-and-plan-development - # - terraform-apply-development: - # requires: - # - terraform-compliance-development - # - deploy-to-development: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - terraform-apply-development + check-and-deploy-development: + jobs: + - check-code-formatting: + context: api-nuget-token-context + filters: + branches: + only: master + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + only: master + - assume-role-development: + context: api-assume-role-housing-development-context + requires: + - build-and-test + - terraform-init-and-plan-development: + requires: + - assume-role-development + - terraform-compliance-development: + requires: + - terraform-init-and-plan-development + - 
terraform-apply-development: + requires: + - terraform-compliance-development + - deploy-to-development: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - terraform-apply-development - # check-and-deploy-staging-and-production: - # jobs: - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # only: release - # - assume-role-staging: - # context: api-assume-role-housing-staging-context - # requires: - # - build-and-test - # - terraform-init-and-plan-staging: - # requires: - # - assume-role-staging - # - terraform-compliance-staging: - # requires: - # - terraform-init-and-plan-staging - # - terraform-apply-staging: - # requires: - # - terraform-compliance-staging - # - deploy-to-staging: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - terraform-apply-staging - # - permit-production-terraform-release: - # type: approval - # requires: - # - deploy-to-staging - # - assume-role-production: - # context: api-assume-role-housing-production-context - # requires: - # - permit-production-terraform-release - # - terraform-init-and-plan-production: - # requires: - # - assume-role-production - # - terraform-compliance-production: - # requires: - # - terraform-init-and-plan-production - # - terraform-apply-production: - # requires: - # - terraform-compliance-production - # - permit-production-release: - # type: approval - # requires: - # - terraform-apply-production - # - deploy-to-production: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - permit-production-release + check-and-deploy-staging-and-production: + jobs: + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + only: release + - assume-role-staging: + context: api-assume-role-housing-staging-context + requires: + - build-and-test + - terraform-init-and-plan-staging: + requires: + - assume-role-staging + - 
terraform-compliance-staging: + requires: + - terraform-init-and-plan-staging + - terraform-apply-staging: + requires: + - terraform-compliance-staging + - deploy-to-staging: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - terraform-apply-staging + - permit-production-terraform-release: + type: approval + requires: + - deploy-to-staging + - assume-role-production: + context: api-assume-role-housing-production-context + requires: + - permit-production-terraform-release + - terraform-init-and-plan-production: + requires: + - assume-role-production + - terraform-compliance-production: + requires: + - terraform-init-and-plan-production + - terraform-apply-production: + requires: + - terraform-compliance-production + - permit-production-release: + type: approval + requires: + - terraform-apply-production + - deploy-to-production: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - permit-production-release deploy-terraform-pre-production: jobs: 
@@ -371,63 +371,56 @@ workflows: type: approval filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - permit-pre-production-terraform-workflow filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - terraform-init-and-plan-pre-production: requires: - assume-role-pre-production filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - terraform-compliance-pre-production: requires: - terraform-init-and-plan-pre-production filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - permit-pre-production-terraform-deployment: type: approval requires: - terraform-compliance-pre-production filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - terraform-apply-pre-production: requires: - permit-pre-production-terraform-deployment filters: branches: - only: ts-2045-add-pre-production-workflows + only: release deploy-code-pre-production: jobs: - - permit-pre-production-code-workflow: - type: approval - filters: - branches: - only: ts-2045-add-pre-production-workflows - build-and-test: - requires: - - permit-pre-production-code-workflow context: - api-nuget-token-context - SonarCloud filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - build-and-test filters: branches: - only: ts-2045-add-pre-production-workflows + only: release - deploy-to-pre-production: context: - api-nuget-token-context @@ -436,4 +429,4 @@ workflows: - assume-role-pre-production filters: branches: - only: ts-2045-add-pre-production-workflows + only: release From 880177e1382518b9c6ddd6f68858ec01d06c1f9e Mon Sep 17 00:00:00 2001 
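Review bot: With the `permit-pre-production-code-workflow` approval job removed, `deploy-code-pre-production` runs `deploy-to-pre-production` on every push to `release` as soon as `build-and-test` passes. It has no dependency on `deploy-terraform-pre-production`, which is still gated by two approval jobs. A code deploy can therefore reach pre-production before the infrastructure change it relies on has been approved and applied. If that ordering matters, keep one approval job in front of `deploy-to-pre-production`, or state the assumption above the workflow, e.g. `# code deploys automatically on release; apply terraform first via deploy-terraform-pre-production`.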
From: LBHTKarki Date: Fri, 30 May 2025 16:13:51 +0100 Subject: [PATCH 07/17] add sg config for the lambda --- .circleci/config.yml | 224 ++++++++++++++++---------------- ReferenceDataApi/serverless.yml | 2 + 2 files changed, 114 insertions(+), 112 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b8a611c..cf89822 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -256,114 +256,114 @@ jobs: stage: "pre-production" workflows: - check: - jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - ignore: - - master - - release - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - ignore: - - master - - release + # check: + # jobs: + # - check-code-formatting: + # context: api-nuget-token-context + # filters: + # branches: + # ignore: + # - master + # - release + # - build-and-test: + # context: + # - api-nuget-token-context + # - SonarCloud + # filters: + # branches: + # ignore: + # - master + # - release - check-and-deploy-development: - jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - only: master - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: master - - assume-role-development: - context: api-assume-role-housing-development-context - requires: - - build-and-test - - terraform-init-and-plan-development: - requires: - - assume-role-development - - terraform-compliance-development: - requires: - - terraform-init-and-plan-development - - terraform-apply-development: - requires: - - terraform-compliance-development - - deploy-to-development: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-apply-development + # check-and-deploy-development: + # jobs: + # - check-code-formatting: + # context: api-nuget-token-context + # filters: + # branches: + # only: master + # - build-and-test: + # context: + # - api-nuget-token-context + # - SonarCloud + # filters: + # branches: + # only: master + # - assume-role-development: + # context: api-assume-role-housing-development-context + # requires: + # - build-and-test + # - terraform-init-and-plan-development: + # requires: + # - assume-role-development + # - terraform-compliance-development: + # requires: + # - terraform-init-and-plan-development + # - 
terraform-apply-development: + # requires: + # - terraform-compliance-development + # - deploy-to-development: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - terraform-apply-development - check-and-deploy-staging-and-production: - jobs: - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: release - - assume-role-staging: - context: api-assume-role-housing-staging-context - requires: - - build-and-test - - terraform-init-and-plan-staging: - requires: - - assume-role-staging - - terraform-compliance-staging: - requires: - - terraform-init-and-plan-staging - - terraform-apply-staging: - requires: - - terraform-compliance-staging - - deploy-to-staging: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-apply-staging - - permit-production-terraform-release: - type: approval - requires: - - deploy-to-staging - - assume-role-production: - context: api-assume-role-housing-production-context - requires: - - permit-production-terraform-release - - terraform-init-and-plan-production: - requires: - - assume-role-production - - terraform-compliance-production: - requires: - - terraform-init-and-plan-production - - terraform-apply-production: - requires: - - terraform-compliance-production - - permit-production-release: - type: approval - requires: - - terraform-apply-production - - deploy-to-production: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - permit-production-release + # check-and-deploy-staging-and-production: + # jobs: + # - build-and-test: + # context: + # - api-nuget-token-context + # - SonarCloud + # filters: + # branches: + # only: release + # - assume-role-staging: + # context: api-assume-role-housing-staging-context + # requires: + # - build-and-test + # - terraform-init-and-plan-staging: + # requires: + # - assume-role-staging + # - terraform-compliance-staging: + # requires: + # - 
terraform-init-and-plan-staging + # - terraform-apply-staging: + # requires: + # - terraform-compliance-staging + # - deploy-to-staging: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - terraform-apply-staging + # - permit-production-terraform-release: + # type: approval + # requires: + # - deploy-to-staging + # - assume-role-production: + # context: api-assume-role-housing-production-context + # requires: + # - permit-production-terraform-release + # - terraform-init-and-plan-production: + # requires: + # - assume-role-production + # - terraform-compliance-production: + # requires: + # - terraform-init-and-plan-production + # - terraform-apply-production: + # requires: + # - terraform-compliance-production + # - permit-production-release: + # type: approval + # requires: + # - terraform-apply-production + # - deploy-to-production: + # context: + # - api-nuget-token-context + # - "Serverless Framework" + # requires: + # - permit-production-release deploy-terraform-pre-production: jobs: 
@@ -371,39 +371,39 @@ workflows: type: approval filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - permit-pre-production-terraform-workflow filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - terraform-init-and-plan-pre-production: requires: - assume-role-pre-production filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - terraform-compliance-pre-production: requires: - terraform-init-and-plan-pre-production filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - permit-pre-production-terraform-deployment: type: approval requires: - terraform-compliance-pre-production filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - terraform-apply-pre-production: requires: - permit-pre-production-terraform-deployment filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda deploy-code-pre-production: jobs: diff --git a/ReferenceDataApi/serverless.yml b/ReferenceDataApi/serverless.yml index 56335ef..799b7cf 100644 --- a/ReferenceDataApi/serverless.yml +++ b/ReferenceDataApi/serverless.yml @@ -180,6 +180,8 @@ custom: - subnet-06a697d86a9b6ed01 - subnet-0beb266003a56ca82 pre-production: + securityGroupIds: + - sg-0c6335cf631b61e07 subnetIds: - subnet-08aa35159a8706faa - subnet-0b848c5b14f841dfb From cac49499a6a13dca80cb448a22f18048cbffe3bd Mon Sep 17 00:00:00 2001 From: LBHTKarki Date: Fri, 30 May 2025 16:18:51 +0100 Subject: [PATCH 08/17] verify lambda config --- .circleci/config.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cf89822..2bab145 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -371,39 +371,39 @@ workflows: type: approval filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - permit-pre-production-terraform-workflow filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - terraform-init-and-plan-pre-production: requires: - assume-role-pre-production filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - terraform-compliance-pre-production: requires: - terraform-init-and-plan-pre-production filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - permit-pre-production-terraform-deployment: type: approval requires: - terraform-compliance-pre-production filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - terraform-apply-pre-production: requires: - permit-pre-production-terraform-deployment filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release deploy-code-pre-production: jobs: @@ -413,14 +413,14 @@ workflows: - SonarCloud filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - build-and-test filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda - deploy-to-pre-production: context: - api-nuget-token-context @@ -429,4 +429,4 @@ workflows: - assume-role-pre-production filters: branches: - only: release + only: ts-2045-add-sg-config-for-the-lambda From e9f18da4881d440e61cd8e7aca10d0e53fdc506c Mon Sep 17 00:00:00 2001 From: LBHTKarki Date: Fri, 30 May 2025 16:27:55 +0100 Subject: [PATCH 09/17] enable all workflows --- .circleci/config.yml | 218 +++++++++++++++++++++---------------------- 1 file changed, 109 insertions(+), 109 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2bab145..b8a611c 100644 
--- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -256,114 +256,114 @@ jobs: stage: "pre-production" workflows: - # check: - # jobs: - # - check-code-formatting: - # context: api-nuget-token-context - # filters: - # branches: - # ignore: - # - master - # - release - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # ignore: - # - master - # - release + check: + jobs: + - check-code-formatting: + context: api-nuget-token-context + filters: + branches: + ignore: + - master + - release + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + ignore: + - master + - release - # check-and-deploy-development: - # jobs: - # - check-code-formatting: - # context: api-nuget-token-context - # filters: - # branches: - # only: master - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # only: master - # - assume-role-development: - # context: api-assume-role-housing-development-context - # requires: - # - build-and-test - # - terraform-init-and-plan-development: - # requires: - # - assume-role-development - # - terraform-compliance-development: - # requires: - # - terraform-init-and-plan-development - # - terraform-apply-development: - # requires: - # - terraform-compliance-development - # - deploy-to-development: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - terraform-apply-development + check-and-deploy-development: + jobs: + - check-code-formatting: + context: api-nuget-token-context + filters: + branches: + only: master + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + only: master + - assume-role-development: + context: api-assume-role-housing-development-context + requires: + - build-and-test + - terraform-init-and-plan-development: + requires: + - assume-role-development + - terraform-compliance-development: + requires: + - terraform-init-and-plan-development + - 
terraform-apply-development: + requires: + - terraform-compliance-development + - deploy-to-development: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - terraform-apply-development - # check-and-deploy-staging-and-production: - # jobs: - # - build-and-test: - # context: - # - api-nuget-token-context - # - SonarCloud - # filters: - # branches: - # only: release - # - assume-role-staging: - # context: api-assume-role-housing-staging-context - # requires: - # - build-and-test - # - terraform-init-and-plan-staging: - # requires: - # - assume-role-staging - # - terraform-compliance-staging: - # requires: - # - terraform-init-and-plan-staging - # - terraform-apply-staging: - # requires: - # - terraform-compliance-staging - # - deploy-to-staging: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - terraform-apply-staging - # - permit-production-terraform-release: - # type: approval - # requires: - # - deploy-to-staging - # - assume-role-production: - # context: api-assume-role-housing-production-context - # requires: - # - permit-production-terraform-release - # - terraform-init-and-plan-production: - # requires: - # - assume-role-production - # - terraform-compliance-production: - # requires: - # - terraform-init-and-plan-production - # - terraform-apply-production: - # requires: - # - terraform-compliance-production - # - permit-production-release: - # type: approval - # requires: - # - terraform-apply-production - # - deploy-to-production: - # context: - # - api-nuget-token-context - # - "Serverless Framework" - # requires: - # - permit-production-release + check-and-deploy-staging-and-production: + jobs: + - build-and-test: + context: + - api-nuget-token-context + - SonarCloud + filters: + branches: + only: release + - assume-role-staging: + context: api-assume-role-housing-staging-context + requires: + - build-and-test + - terraform-init-and-plan-staging: + requires: + - assume-role-staging + - 
terraform-compliance-staging: + requires: + - terraform-init-and-plan-staging + - terraform-apply-staging: + requires: + - terraform-compliance-staging + - deploy-to-staging: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - terraform-apply-staging + - permit-production-terraform-release: + type: approval + requires: + - deploy-to-staging + - assume-role-production: + context: api-assume-role-housing-production-context + requires: + - permit-production-terraform-release + - terraform-init-and-plan-production: + requires: + - assume-role-production + - terraform-compliance-production: + requires: + - terraform-init-and-plan-production + - terraform-apply-production: + requires: + - terraform-compliance-production + - permit-production-release: + type: approval + requires: + - terraform-apply-production + - deploy-to-production: + context: + - api-nuget-token-context + - "Serverless Framework" + requires: + - permit-production-release deploy-terraform-pre-production: jobs: @@ -413,14 +413,14 @@ workflows: - SonarCloud filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - assume-role-pre-production: context: api-assume-role-housing-pre-production-context requires: - build-and-test filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release - deploy-to-pre-production: context: - api-nuget-token-context @@ -429,4 +429,4 @@ workflows: - assume-role-pre-production filters: branches: - only: ts-2045-add-sg-config-for-the-lambda + only: release From 88f090fa5de6bc99213087a784d80d5641010a95 Mon Sep 17 00:00:00 2001 From: LBHTKarki Date: Fri, 20 Feb 2026 10:39:12 +0000 Subject: [PATCH 10/17] update dev authorizer --- .circleci/config.yml | 3 ++- ReferenceDataApi/serverless.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b8a611c..d1de221 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -145,7 +145,8 @@ jobs: build-and-test: executor: docker-python steps: - - checkout + - checkout: + method: full - setup_remote_docker - sonarcloud/scan - run: diff --git a/ReferenceDataApi/serverless.yml b/ReferenceDataApi/serverless.yml index 799b7cf..b04cd41 100644 --- a/ReferenceDataApi/serverless.yml +++ b/ReferenceDataApi/serverless.yml @@ -142,7 +142,7 @@ resources: DurationInSeconds: 0 custom: authorizerArns: - development: arn:aws:lambda:eu-west-2:859159924354:function:api-auth-verify-token-new-development-apiauthverifytokennew + development: arn:aws:lambda:eu-west-2:859159924354:function:api-gateway-lambda-authorizer staging: arn:aws:lambda:eu-west-2:715003523189:function:api-auth-verify-token-new-staging-apiauthverifytokennew production: arn:aws:lambda:eu-west-2:153306643385:function:api-auth-verify-token-new-production-apiauthverifytokennew pre-production: arn:aws:lambda:eu-west-2:578479666894:function:api-auth-verify-token-new-pre-production-apiauthverifytokennew From a8d3ff28d300475b065463848d44897fddda43fa Mon Sep 17 00:00:00 2001 From: LBHTKarki Date: Fri, 20 Feb 2026 11:17:25 +0000 Subject: [PATCH 11/17] add ssh key for tf module access --- .circleci/config.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index d1de221..7afe1e3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -43,6 +43,9 @@ commands: environment: type: string steps: + - add_ssh_keys: + fingerprints: + - "SHA256:rPzp7kChj9Z72jls470HfO0YvieTbdUiB+y8hlxJN8c" - *attach_workspace - checkout - run: @@ -89,6 +92,9 @@ commands: environment: type: string steps: + - add_ssh_keys: + fingerprints: + - "SHA256:rPzp7kChj9Z72jls470HfO0YvieTbdUiB+y8hlxJN8c" - *attach_workspace - checkout - run: From 5c8bf8b3e6d57625c248f3958db3c0d4a7274497 Mon Sep 17 00:00:00 2001 
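Review bot: After this change the `development` entry under `authorizerArns` points at `api-gateway-lambda-authorizer`, while staging, production and pre-production still use the `api-auth-verify-token-new-*` functions. A request accepted or rejected in development is then no longer evidence of what the other stages enforce, and the file gives no reason for the split. If the difference is intended, a comment on the line would record it, for example `# development uses the new gateway authorizer; other stages not yet migrated`; otherwise the four entries should move together.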
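Review bot: The same `add_ssh_keys` fingerprint is pasted into two commands, in the hunk at 43 and again in the hunk at 89, and nothing records what the key is allowed to do. These appear to be the Terraform commands, which also attach the workspace, so the key should be a read-only deploy key limited to the module repository; the diff cannot confirm that. A YAML anchor, which the file already uses for `*attach_workspace`, would keep the fingerprint in one place: define the step once as `- &add_tf_module_key` and reference it as `- *add_tf_module_key`. Both command bodies continue outside their hunks.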
From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Thu, 26 Feb 2026 14:54:46 +0000 Subject: [PATCH 12/17] Remove unused JWT package so it doesn't confuse the repo maintainers in terms of what needs to be bumped or checked for compatibility. --- ReferenceDataApi/ReferenceDataApi.csproj | 1 - ReferenceDataApi/Startup.cs | 1 - 2 files changed, 2 deletions(-) diff --git a/ReferenceDataApi/ReferenceDataApi.csproj b/ReferenceDataApi/ReferenceDataApi.csproj index d8b321c..5746d17 100644 --- a/ReferenceDataApi/ReferenceDataApi.csproj +++ b/ReferenceDataApi/ReferenceDataApi.csproj @@ -20,7 +20,6 @@ - diff --git a/ReferenceDataApi/Startup.cs b/ReferenceDataApi/Startup.cs index 4593684..978bd18 100644 --- a/ReferenceDataApi/Startup.cs +++ b/ReferenceDataApi/Startup.cs @@ -138,7 +138,6 @@ public void ConfigureServices(IServiceCollection services) services.AddLogCallAspect(); services.ConfigureElasticSearch(Configuration); services.AddElasticSearchHealthCheck(); - services.AddTokenFactory(); RegisterGateways(services); RegisterUseCases(services); From 77e36b33bda26a7780a00ee35d207216fc952d85 Mon Sep 17 00:00:00 2001 From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Thu, 26 Feb 2026 15:11:34 +0000 Subject: [PATCH 13/17] Add back in. --- ReferenceDataApi/ReferenceDataApi.csproj | 1 + ReferenceDataApi/Startup.cs | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ReferenceDataApi/ReferenceDataApi.csproj b/ReferenceDataApi/ReferenceDataApi.csproj index 5746d17..e8c6c93 100644 --- a/ReferenceDataApi/ReferenceDataApi.csproj +++ b/ReferenceDataApi/ReferenceDataApi.csproj @@ -19,6 +19,7 @@ + diff --git a/ReferenceDataApi/Startup.cs b/ReferenceDataApi/Startup.cs index 978bd18..eac575c 100644 --- a/ReferenceDataApi/Startup.cs +++ b/ReferenceDataApi/Startup.cs 
@@ -138,7 +138,7 @@ public void ConfigureServices(IServiceCollection services) services.AddLogCallAspect(); services.ConfigureElasticSearch(Configuration); services.AddElasticSearchHealthCheck(); - + services.AddTokenFactory(); RegisterGateways(services); RegisterUseCases(services); } From aeafe7616f037e2066a3b51005e11f099b679752 Mon Sep 17 00:00:00 2001 From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Thu, 26 Feb 2026 15:36:26 +0000 Subject: [PATCH 14/17] Remove unused package again. I think I know what's going on. --- ReferenceDataApi/ReferenceDataApi.csproj | 1 - ReferenceDataApi/Startup.cs | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/ReferenceDataApi/ReferenceDataApi.csproj b/ReferenceDataApi/ReferenceDataApi.csproj index e8c6c93..5746d17 100644 --- a/ReferenceDataApi/ReferenceDataApi.csproj +++ b/ReferenceDataApi/ReferenceDataApi.csproj @@ -19,7 +19,6 @@ - diff --git a/ReferenceDataApi/Startup.cs b/ReferenceDataApi/Startup.cs index eac575c..61919af 100644 --- a/ReferenceDataApi/Startup.cs +++ b/ReferenceDataApi/Startup.cs @@ -3,7 +3,6 @@ using Amazon.XRay.Recorder.Handlers.AwsSdk; using FluentValidation.AspNetCore; using Hackney.Core.HealthCheck; -using Hackney.Core.JWT; using Hackney.Core.Logging; using Hackney.Core.Middleware.CorrelationId; using Hackney.Core.Middleware.Exception; @@ -138,7 +137,7 @@ public void ConfigureServices(IServiceCollection services) services.AddLogCallAspect(); services.ConfigureElasticSearch(Configuration); services.AddElasticSearchHealthCheck(); - services.AddTokenFactory(); + RegisterGateways(services); RegisterUseCases(services); } From 99786e9c2b3f01d496c0309e44f3d496aa8034f6 Mon Sep 17 00:00:00 2001 From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Thu, 26 Feb 2026 15:41:13 +0000 Subject: [PATCH 15/17] Rresolve docker compose race condition. --- docker-compose.yml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) 
diff --git a/docker-compose.yml b/docker-compose.yml index e4a4555..7a89844 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: context: . dockerfile: ReferenceDataApi/Dockerfile args: - - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} + - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} environment: - ElasticSearchDomainUrl=http://reference-data-elasticsearch:9200 networks: @@ -23,16 +23,16 @@ services: context: . dockerfile: ReferenceDataApi.Tests/Dockerfile args: - - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} - - SONAR_TOKEN=${SONAR_TOKEN} + - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} + - SONAR_TOKEN=${SONAR_TOKEN} environment: - ElasticSearchDomainUrl=http://reference-data-elasticsearch:9200 networks: - elastic depends_on: - #- kibana - - reference-data-elasticsearch - + reference-data-elasticsearch: + condition: service_healthy + reference-data-elasticsearch: image: reference-data-elasticsearch container_name: reference-data-elasticsearch @@ -51,7 +51,12 @@ services: - reference-data-esdata-test:/usr/share/elasticsearch/data networks: - elastic - + healthcheck: + test: [ "CMD-SHELL", "curl -s http://localhost:9200/_cluster/health | grep -q '\"status\":\"green\"\\|\"status\":\"yellow\"'" ] + interval: 10s + timeout: 5s + retries: 5 + start_period: 20s #kibana: # image: docker.elastic.co/kibana/kibana:7.9.3 # ports: @@ -60,10 +65,10 @@ services: # - elastic # depends_on: # - reference-data-elasticsearch - + volumes: - reference-data-esdata-test: - driver: local + reference-data-esdata-test: + driver: local networks: elastic: From 1b5e41d05942ca60fe1c9ce5aa7d6b5efa48759d Mon Sep 17 00:00:00 2001 From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Thu, 26 Feb 2026 16:10:43 +0000 Subject: [PATCH 16/17] Bump JWT to ensure Cognito Token support. --- ReferenceDataApi/ReferenceDataApi.csproj | 1 + ReferenceDataApi/Startup.cs | 5 +++++ docker-compose.yml | 25 ++++++++++-------------- 3 files changed, 16 insertions(+), 15 deletions(-) 
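Review bot: `LBHPACKAGESTOKEN` and `SONAR_TOKEN` are still handed to the test image as build `args` in the hunk at 23, which this patch re-indents but does not otherwise change. Build arguments are kept in the image's build history, so anyone who can pull or inspect the image may be able to read both tokens; whether the image is ever pushed is not visible here. Passing them as build secrets (a `secrets:` entry under `build:` and a secret mount in the Dockerfile) keeps them out of the layers. The hunk at 7 carries the same `LBHPACKAGESTOKEN` argument for the API image.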
diff --git a/ReferenceDataApi/ReferenceDataApi.csproj b/ReferenceDataApi/ReferenceDataApi.csproj index 5746d17..0ba7035 100644 --- a/ReferenceDataApi/ReferenceDataApi.csproj +++ b/ReferenceDataApi/ReferenceDataApi.csproj @@ -20,6 +20,7 @@ + diff --git a/ReferenceDataApi/Startup.cs b/ReferenceDataApi/Startup.cs index 61919af..9e1cca2 100644 --- a/ReferenceDataApi/Startup.cs +++ b/ReferenceDataApi/Startup.cs @@ -3,6 +3,7 @@ using Amazon.XRay.Recorder.Handlers.AwsSdk; using FluentValidation.AspNetCore; using Hackney.Core.HealthCheck; +using Hackney.Core.JWT; using Hackney.Core.Logging; using Hackney.Core.Middleware.CorrelationId; using Hackney.Core.Middleware.Exception; @@ -137,6 +138,10 @@ public void ConfigureServices(IServiceCollection services) services.AddLogCallAspect(); services.ConfigureElasticSearch(Configuration); services.AddElasticSearchHealthCheck(); + // This is actually insane design, but you have to inject this + // so that the logging core could log a user email! Unguessable! + // Also quite hard to diagnose. + services.AddTokenFactory(); RegisterGateways(services); RegisterUseCases(services); diff --git a/docker-compose.yml b/docker-compose.yml index 7a89844..e4a4555 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: context: . dockerfile: ReferenceDataApi/Dockerfile args: - - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} + - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} environment: - ElasticSearchDomainUrl=http://reference-data-elasticsearch:9200 networks: 
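Review bot: The `services.AddTokenFactory()` call restored in the hunk at 137 is needed only because another package resolves it at run time, so nothing in the build fails when it is removed; patches 12 and 14 of this series removed it and, judging by the added comment, the fault was hard to trace. A small test that builds the service provider from `ConfigureServices` and resolves the service that `AddTokenFactory` registers would turn the next removal into a test failure. ConfigureServices starts and ends outside the hunk.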
@@ -23,16 +23,16 @@ services: context: . dockerfile: ReferenceDataApi.Tests/Dockerfile args: - - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} - - SONAR_TOKEN=${SONAR_TOKEN} + - LBHPACKAGESTOKEN=${LBHPACKAGESTOKEN} + - SONAR_TOKEN=${SONAR_TOKEN} environment: - ElasticSearchDomainUrl=http://reference-data-elasticsearch:9200 networks: - elastic depends_on: - reference-data-elasticsearch: - condition: service_healthy - + #- kibana + - reference-data-elasticsearch + reference-data-elasticsearch: image: reference-data-elasticsearch container_name: reference-data-elasticsearch @@ -51,12 +51,7 @@ services: - reference-data-esdata-test:/usr/share/elasticsearch/data networks: - elastic - healthcheck: - test: [ "CMD-SHELL", "curl -s http://localhost:9200/_cluster/health | grep -q '\"status\":\"green\"\\|\"status\":\"yellow\"'" ] - interval: 10s - timeout: 5s - retries: 5 - start_period: 20s + #kibana: # image: docker.elastic.co/kibana/kibana:7.9.3 # ports: @@ -65,10 +60,10 @@ services: # - elastic # depends_on: # - reference-data-elasticsearch - + volumes: - reference-data-esdata-test: - driver: local + reference-data-esdata-test: + driver: local networks: elastic: From e5be5d4e3cc83355cd864b24f68f542ae7d93f0c Mon Sep 17 00:00:00 2001 From: Liudvikas Taluntis <43747286+Duslerke@users.noreply.github.com> Date: Fri, 27 Feb 2026 09:14:20 +0000 Subject: [PATCH 17/17] Update comment explaining to dependencies. --- ReferenceDataApi/Startup.cs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ReferenceDataApi/Startup.cs b/ReferenceDataApi/Startup.cs index 9e1cca2..52dab05 100644 --- a/ReferenceDataApi/Startup.cs +++ b/ReferenceDataApi/Startup.cs 
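Review bot: The docker-compose.yml hunks at 23, 51 and 60 undo the previous patch: `depends_on` goes back to the plain list and the Elasticsearch `healthcheck` is deleted, although the subject of this commit is the JWT package bump. That brings back the start-up race the previous patch set out to fix and looks like an accidental revert, possibly from a stale working copy. If it is unintended, drop docker-compose.yml from this commit so that `condition: service_healthy` and the healthcheck stay.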
@@ -138,9 +138,8 @@ public void ConfigureServices(IServiceCollection services) services.AddLogCallAspect(); services.ConfigureElasticSearch(Configuration); services.AddElasticSearchHealthCheck(); - // This is actually insane design, but you have to inject this - // so that the logging core could log a user email! Unguessable! - // Also quite hard to diagnose. + // Token factory used by the logging middleware core package + // to print user email. Hidden, indirect, implicit dependency services.AddTokenFactory(); RegisterGateways(services);
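Review bot: The reworded comment says the token factory is registered so that the logging package can print the user's email, which suggests request logs carry a personal identifier. The comment would serve the next maintainer better if it said so directly, for example by adding `// Note: this puts the caller's email in request logs; handle log access and retention accordingly.` Whether the email is written on every request is not visible from this hunk, and ConfigureServices starts and ends outside it.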