Explicitly add allow_ssh flag and disable for production

This will also ensure any drift is picked up by our infrastructure verification checks

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
Carlo Costino
2024-03-13 09:51:41 -04:00
parent f0e66886d2
commit 15f8be7aee
7 changed files with 26 additions and 0 deletions


@@ -4,6 +4,7 @@ locals {
env = "production"
app_name = "notify-api"
delete_recursive_allowed = false
allow_ssh = false
}
data "cloudfoundry_space" "production" {
@@ -12,6 +13,7 @@ data "cloudfoundry_space" "production" {
}
resource "cloudfoundry_space" "notify-production" {
allow_ssh = local.allow_ssh
delete_recursive_allowed = local.delete_recursive_allowed
name = local.cf_space_name
org = data.cloudfoundry_org.org.id
@@ -46,6 +48,7 @@ module "csv_upload_bucket" {
module "egress-space" {
source = "../shared/egress_space"
allow_ssh = local.allow_ssh
cf_org_name = local.cf_org_name
cf_restricted_space_name = local.cf_space_name
delete_recursive_allowed = local.delete_recursive_allowed
@@ -57,6 +60,7 @@ module "egress-space" {
module "ses_email" {
source = "../shared/ses"
allow_ssh = local.allow_ssh
cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "${local.app_name}-ses-${local.env}"
@@ -70,6 +74,7 @@ module "ses_email" {
module "sns_sms" {
source = "../shared/sns"
allow_ssh = local.allow_ssh
cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "${local.app_name}-sns-${local.env}"
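Review bot: The new `allow_ssh = false` entry in the `locals` block of the first hunk has no comment recording that it is a deliberate production control. Because it is a local rather than an input variable, it cannot be overridden from a tfvars file or the command line, and that is worth stating so it is not later turned into a variable for convenience. I would add above it `# SSH to app containers stays disabled in production; kept as a local so it cannot be overridden at plan time`. The same value is passed to the space resource and the three module calls, whose blocks continue outside the hunks shown.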


@@ -11,6 +11,7 @@ data "cloudfoundry_org" "org" {
###
resource "cloudfoundry_space" "public_egress" {
allow_ssh = var.allow_ssh
delete_recursive_allowed = var.delete_recursive_allowed
name = "${var.cf_restricted_space_name}-egress"
org = data.cloudfoundry_org.org.id


@@ -9,3 +9,9 @@ variable "delete_recursive_allowed" {
default = true
description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
}
variable "allow_ssh" {
type = bool
default = true
description = "Flag for allowing SSH access in a space - not recommended in production environments"
}
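Review bot: `default = true` on the new `allow_ssh` variable makes the module fail open: any caller that omits the argument gets a space with SSH enabled, even though the description says this is not recommended in production. Production passes `false` explicitly in this commit, but the safer shape is `default = false`, or no default at all so that every environment has to state its choice. The identical variable blocks added to the SES and SNS modules further down carry the same default and should change with this one. Any environment outside this commit that relies on SSH would then need `allow_ssh = true` set explicitly, which also fits the commit's stated aim of making the flag explicit.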


@@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" {
# SES Space
###
resource "cloudfoundry_space" "cf_ses_service_space" {
allow_ssh = var.allow_ssh
delete_recursive_allowed = var.delete_recursive_allowed
name = data.cloudfoundry_space.space.name
org = data.cloudfoundry_org.org.id
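Review bot: `allow_ssh` is set here on a space whose `name` is read back from `data.cloudfoundry_space.space`, while the production caller passes the same `cf_space_name` it uses for its own `cloudfoundry_space` resource, so more than one resource may be declaring this attribute for the same space. I cannot confirm that from the hunk, because the data source's arguments are outside it. If it is the case, the values must always agree, otherwise successive applies would keep flipping the setting. A comment on this line such as `# must match the caller's space-level allow_ssh; this module targets an existing space` would record the constraint. The SNS module's space resource below is written the same way, and both resource blocks continue outside their hunks.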


@@ -40,3 +40,9 @@ variable "delete_recursive_allowed" {
default = true
description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
}
variable "allow_ssh" {
type = bool
default = true
description = "Flag for allowing SSH access in a space - not recommended in production environments"
}


@@ -15,6 +15,7 @@ data "cloudfoundry_space" "space" {
# SNS Space
###
resource "cloudfoundry_space" "cf_sns_service_space" {
allow_ssh = var.allow_ssh
delete_recursive_allowed = var.delete_recursive_allowed
name = data.cloudfoundry_space.space.name
org = data.cloudfoundry_org.org.id


@@ -28,3 +28,9 @@ variable "delete_recursive_allowed" {
default = true
description = "Flag for allowing resources to be recursively deleted - not recommended in production environments"
}
variable "allow_ssh" {
type = bool
default = true
description = "Flag for allowing SSH access in a space - not recommended in production environments"
}