From 9321590d5db7c0fbe983c9b51413706f98d032e0 Mon Sep 17 00:00:00 2001 From: vipin-dfe Date: Mon, 9 Dec 2024 14:49:44 +0000 Subject: [PATCH 1/4] Enable dfe analytics module --- terraform/aks/.terraform.lock.hcl | 52 ++++++++++++++------ terraform/aks/application.tf | 8 ++- terraform/aks/config/development.tfvars.json | 4 +- terraform/aks/config/production.tfvars.json | 3 +- terraform/aks/config/review.tfvars.json | 4 +- terraform/aks/dfe_analytics.tf | 15 ++++++ terraform/aks/variables.tf | 8 +++ 7 files changed, 75 insertions(+), 19 deletions(-) create mode 100644 terraform/aks/dfe_analytics.tf diff --git a/terraform/aks/.terraform.lock.hcl b/terraform/aks/.terraform.lock.hcl index ca1558a9f9..3c3051eeac 100644 --- a/terraform/aks/.terraform.lock.hcl +++ b/terraform/aks/.terraform.lock.hcl @@ -27,9 +27,10 @@ provider "registry.terraform.io/eppo/environment" { provider "registry.terraform.io/hashicorp/azurerm" { version = "3.116.0" - constraints = "3.116.0" + constraints = ">= 3.0.0, 3.116.0" hashes = [ "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", 
@@ -45,10 +46,31 @@ provider "registry.terraform.io/hashicorp/azurerm" { ] } +provider "registry.terraform.io/hashicorp/google" { + version = "6.6.0" + constraints = "6.6.0" + hashes = [ + "h1:BOwY9eXbFeMU+DC1L8RW1CfcGPIiF1rMxNAxjssqNgk=", + "zh:0c181f9b9f0ab81731e5c4c2d20b6d342244506687437dad94e279ef2a588f68", + "zh:12a4c333fc0ba670e87f09eb574e4b7da90381f9929ef7c866048b6841cc8a6a", + "zh:15c277c2052df89429051350df4bccabe4cf46068433d4d8c673820d9756fc00", + "zh:35d1663c81b81cd98d768fa7b80874b48c51b27c036a3c598a597f653374d3c8", + "zh:56b268389758d544722a342da4174c486a40ffa2a49b45a06111fe31c6c9c867", + "zh:abd3ea8c3a62928ba09ba7eb42b52f53e682bd65e92d573f1739596b5a9a67b1", + "zh:be55a328d61d9db58690db74ed43614111e1105e5e52cee15acaa062df4e233e", + "zh:ce2317ce9fd02cf14323f9e061c43a415b4ae9b3f96046460d0e6b6529a5aa6c", + "zh:d54a6d8e031c824f1de21b93c3e01ed7fec134b4ae55223d08868c6168c98e47", + "zh:d8c6e33b5467c6eb5a970adb251c4c8194af12db5388cff9d4b250294eae4daa", + "zh:f49e4cc9c0b55b3bec7da64dd698298345634a5df372228ee12aa45e57982f64", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.32.0" constraints = "2.32.0" hashes = [ + "h1:3j4XBR5UWQA7xXaiEnzZp0bHbcwOhWetHYKTWIrUTI0=", "h1:Cj3RHyw3wE3AkNlCtSNrZfjFNkShvaZR0K/K3pJlYJU=", "zh:0e715d7fb13a8ad569a5fdc937b488590633f6942e986196fdb17cd7b8f7720e", "zh:495fc23acfe508ed981e60af9a3758218b0967993065e10a297fdbc210874974", 
@@ -66,22 +88,21 @@ provider "registry.terraform.io/hashicorp/kubernetes" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" + version = "3.6.3" hashes = [ - "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", - "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=", + "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451", + "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8", + "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe", + "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1", + "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36", + "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30", + "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615", + "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad", + "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556", + 
"zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0", ] } @@ -89,6 +110,7 @@ provider "registry.terraform.io/statuscakedev/statuscake" { version = "2.2.2" constraints = "2.2.2" hashes = [ + "h1:nVaJkDBk4sv0yWFzg3p+yeJGzE8mB4KJv3Q6/UgU164=", "h1:wFoZJfmNvG6XTf65NLai67geSHqYV1Tilx7OITrHilE=", "zh:0916313344c579d6e05d70f88129a10fe48f7dabe0e61cad17874d6c496f288d", "zh:0d491ff72c2eda6482855033ca2146c5ace1663d07cb3da7253b59ed2e2ec6f4", diff --git a/terraform/aks/application.tf b/terraform/aks/application.tf index 8b7714040e..40ba698dc7 100644 --- a/terraform/aks/application.tf +++ b/terraform/aks/application.tf @@ -16,7 +16,10 @@ module "application_configuration" { is_rails_application = true config_variables = { - PGSSLMODE = local.postgres_ssl_mode + PGSSLMODE = local.postgres_ssl_mode + BIGQUERY_DATASET = var.dataset_name + BIGQUERY_PROJECT_ID = "get-into-teaching" + BIGQUERY_TABLE_NAME = "events" } secret_variables = { DATABASE_URL = module.postgres.url @@ -28,6 +31,7 @@ module "application_configuration" { APP_URL = length(var.internet_hostnames) == 0 ? "" : "https://${var.internet_hostnames[0]}.education.gov.uk", # keeping here as a reminder, but went be set in aks and need to confirm impact APP_ASSETS_URL = length(var.asset_hostnames) == 0 ? "" : "https://${var.asset_hostnames[0]}.education.gov.uk" + GOOGLE_CLOUD_CREDENTIALS = var.enable_dfe_analytics_federated_auth ? module.dfe_analytics[0].google_cloud_credentials : null } } @@ -152,4 +156,6 @@ module "worker_application" { enable_logit = var.enable_logit enable_prometheus_monitoring = var.enable_prometheus_monitoring + + enable_gcp_wif = true } diff --git a/terraform/aks/config/development.tfvars.json b/terraform/aks/config/development.tfvars.json index aa7d7c1c82..dad3dfc94c 100644 --- a/terraform/aks/config/development.tfvars.json +++ b/terraform/aks/config/development.tfvars.json 
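Review bot: `BIGQUERY_DATASET = var.dataset_name` in `config_variables` reads a variable whose default is `null`, and this series sets `dataset_name` only in the development, production and review tfvars while patch 2/4 removes `BIGQUERY_DATASET=git_website_events_preprod` from `.env.preprod`. If a test or preprod tfvars file exists (the build workflow has jobs for a `test` environment), that environment would be deployed with no dataset name; its config is not in the diff, so this is inferred. Either add `"dataset_name": "git_website_events_preprod"` to that environment's tfvars or add a `validation` block to the variable so a missing value fails at plan time. The `module "application_configuration"` block starts and ends outside the hunk.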
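Review bot: `enable_gcp_wif = true` on `module "worker_application"` is unconditional, while the `dfe_analytics` module and `GOOGLE_CLOUD_CREDENTIALS` are both gated on `var.enable_dfe_analytics_federated_auth`. production.tfvars.json does not set that flag in this series, so production workers would presumably get the workload-identity wiring with no federated credentials behind it. I would write `enable_gcp_wif = var.enable_dfe_analytics_federated_auth` so the setting is applied only where the feature is on. The web application module is not in the hunk; if it also sends analytics events, it should be checked for the same input.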
@@ -6,5 +6,7 @@ "enable_logit": true, "enable_prometheus_monitoring": true, "sidekiq_replicas" : 1, - "sidekiq_memory_max" : "1Gi" + "sidekiq_memory_max" : "1Gi", + "dataset_name": "git_website_events_development", + "enable_dfe_analytics_federated_auth": true } diff --git a/terraform/aks/config/production.tfvars.json b/terraform/aks/config/production.tfvars.json index 98e6e4b702..9dd7a3ca2e 100644 --- a/terraform/aks/config/production.tfvars.json +++ b/terraform/aks/config/production.tfvars.json @@ -17,5 +17,6 @@ "enable_logit": true, "enable_prometheus_monitoring": true, "sidekiq_replicas" : 1, - "sidekiq_memory_max" : "1Gi" + "sidekiq_memory_max" : "1Gi", + "dataset_name": "git_website_events_production" } diff --git a/terraform/aks/config/review.tfvars.json b/terraform/aks/config/review.tfvars.json index 2cfed6ceb6..cddff3af22 100644 --- a/terraform/aks/config/review.tfvars.json +++ b/terraform/aks/config/review.tfvars.json @@ -6,5 +6,7 @@ "enable_postgres_ssl": false, "enable_logit": true, "sidekiq_replicas" : 1, - "sidekiq_memory_max" : "1Gi" + "sidekiq_memory_max" : "1Gi", + "enable_dfe_analytics_federated_auth": true, + "dataset_name": "git_website_events_rolling" } diff --git a/terraform/aks/dfe_analytics.tf b/terraform/aks/dfe_analytics.tf new file mode 100644 index 0000000000..55af74aa3f --- /dev/null +++ b/terraform/aks/dfe_analytics.tf @@ -0,0 +1,15 @@ +provider "google" { + project = "get-into-teaching" +} + +module "dfe_analytics" { + count = var.enable_dfe_analytics_federated_auth ? 1 : 0 + source = "./vendor/modules/aks//aks/dfe_analytics" + + azure_resource_prefix = var.azure_resource_prefix + cluster = var.cluster + namespace = var.namespace + service_short = var.service_short + environment = local.environment + gcp_dataset = var.dataset_name +} diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf index 8511908f45..b3f8f387f7 100644 --- a/terraform/aks/variables.tf +++ b/terraform/aks/variables.tf 
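Review bot: The new `provider "google"` block in dfe_analytics.tf sets only `project`, so the file does not say where Terraform gets its Google credentials. A comment would record that, for example `# Credentials are expected from the google-github-actions/auth step in the deploy action; no key file is configured here`. The literal `"get-into-teaching"` is also repeated as `BIGQUERY_PROJECT_ID` in application.tf, and a single `local` referenced from both places would stop the two drifting apart. The provider is declared even when `var.enable_dfe_analytics_federated_auth` is false and the module count is 0, so confirm that a plan still succeeds for an operator with no Google credentials.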
@@ -40,6 +40,14 @@ variable "enable_postgres_backup_storage" { variable "docker_image" { description = "Docker image full name to identify it in the registry. Includes docker registry, repository and tag e.g.: ghcr.io/dfe-digital/teacher-pay-calculator:673f6309fd0c907014f44d6732496ecd92a2bcd0" } +variable "enable_dfe_analytics_federated_auth" { + description = "Create the resources in Google cloud for federated authentication and enable in application" + default = false +} +variable "dataset_name" { + description = "dfe analytics dataset name in Google Bigquery. If not specified, a new one will be created" + default = null +} variable "external_url" { default = null description = "Healthcheck URL for StatusCake monitoring" From fb0e4176a9e8399684d38f7768d9ac8dbdaf477d Mon Sep 17 00:00:00 2001 From: vipin-dfe Date: Mon, 9 Dec 2024 14:50:50 +0000 Subject: [PATCH 2/4] Update ruby configuration for Big Query --- .env.development.yml | 3 --- .env.preprod | 3 --- .env.production | 3 --- .env.rolling | 3 --- config/initializers/dfe_analytics.rb | 2 ++ 5 files changed, 2 insertions(+), 12 deletions(-) diff --git a/.env.development.yml b/.env.development.yml index 56df7b9b3c..6d385d321f 100644 --- a/.env.development.yml +++ b/.env.development.yml @@ -5,8 +5,5 @@ CLARITY_ID: i4a0ipfunv VWO_ID: 713156 FAST_IMAGE_TIMEOUT: 0.25 SIZE_IMAGES: 1 -BIGQUERY_TABLE_NAME: events -BIGQUERY_PROJECT_ID: get-into-teaching -BIGQUERY_DATASET: git_website_events_development GET_AN_ADVISER: 1 GET_AN_ADVISER_FEEDBACK: 1 diff --git a/.env.preprod b/.env.preprod index 288cc4844a..63d200ca0e 100644 --- a/.env.preprod +++ b/.env.preprod @@ -7,8 +7,5 @@ VWO_ID=713156 SKYLIGHT_ENV=test FAST_IMAGE_TIMEOUT=0.25 SIZE_IMAGES=1 -BIGQUERY_TABLE_NAME=events -BIGQUERY_PROJECT_ID=get-into-teaching -BIGQUERY_DATASET=git_website_events_preprod GET_AN_ADVISER=1 GET_AN_ADVISER_FEEDBACK=1 diff --git a/.env.production b/.env.production index e123b97a86..441bf04eb5 100644 --- a/.env.production +++ b/.env.production 
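Review bot: Neither new variable declares a `type`, so `enable_dfe_analytics_federated_auth` accepts anything Terraform can convert inside the `? :` conditions and `dataset_name` accepts any value at all. Add `type = bool` to the first and `type = string` to the second so a mistyped tfvars entry fails at plan time rather than reaching the deployed environment variables.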
@@ -6,8 +6,5 @@ VWO_ID=713156 SKYLIGHT_ENV=production FAST_IMAGE_TIMEOUT=0.25 SIZE_IMAGES=1 -BIGQUERY_TABLE_NAME=events -BIGQUERY_PROJECT_ID=get-into-teaching -BIGQUERY_DATASET=git_website_events_production GET_AN_ADVISER=1 GET_AN_ADVISER_FEEDBACK=0 diff --git a/.env.rolling b/.env.rolling index adfba4eb16..1cde498dfa 100644 --- a/.env.rolling +++ b/.env.rolling @@ -6,8 +6,5 @@ VWO_ID=713156 SKYLIGHT_ENV=dev FAST_IMAGE_TIMEOUT=0.25 SIZE_IMAGES=1 -BIGQUERY_TABLE_NAME=events -BIGQUERY_PROJECT_ID=get-into-teaching -BIGQUERY_DATASET=git_website_events_rolling GET_AN_ADVISER=1 GET_AN_ADVISER_FEEDBACK=1 diff --git a/config/initializers/dfe_analytics.rb b/config/initializers/dfe_analytics.rb index c1e2aaf6a7..6f290022ef 100644 --- a/config/initializers/dfe_analytics.rb +++ b/config/initializers/dfe_analytics.rb @@ -61,4 +61,6 @@ Rails.application.config.action_controller.perform_caching && ActionDispatch::FileHandler.new(Rails.root.join("public/cached_pages").to_s).attempt(rack_env).present? end + + config.azure_federated_auth = ENV.include? "GOOGLE_CLOUD_CREDENTIALS" end From 9137ad0ef1776aa68573486c9f0d01e4893aed5d Mon Sep 17 00:00:00 2001 From: vipin-dfe Date: Mon, 9 Dec 2024 14:51:41 +0000 Subject: [PATCH 3/4] Update CI to enable dfe analytics module --- .github/workflows/actions/deploy/action.yml | 5 +++++ .github/workflows/build.yml | 11 +++++++++++ .github/workflows/destroy_review.yml | 2 ++ 3 files changed, 18 insertions(+) diff --git a/.github/workflows/actions/deploy/action.yml b/.github/workflows/actions/deploy/action.yml index 7b4f85ae25..450131cad7 100644 --- a/.github/workflows/actions/deploy/action.yml +++ b/.github/workflows/actions/deploy/action.yml 
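Review bot: `ENV.include? "GOOGLE_CLOUD_CREDENTIALS"` is true whenever the key exists, including when its value is an empty string. application.tf passes `null` for this secret when `enable_dfe_analytics_federated_auth` is off, and this series does not show whether the vendored module then omits the key or renders it empty. Testing the value instead, `config.azure_federated_auth = ENV["GOOGLE_CLOUD_CREDENTIALS"].present?`, keeps federated auth off in both cases. The enclosing configure block starts outside the hunk.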
@@ -32,6 +32,11 @@ runs: with: creds: ${{ inputs.AZURE_CREDENTIALS }} + - uses: google-github-actions/auth@v2 + with: + # project_id: get-into-teaching + workload_identity_provider: projects/574582782335/locations/global/workloadIdentityPools/get-into-teaching-app/providers/get-into-teaching-app + - name: Get Short SHA id: sha shell: bash diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ad8cc20749..c1281f755f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -436,6 +436,9 @@ jobs: runs-on: ubuntu-latest continue-on-error: true concurrency: Review_${{github.event.number}} + permissions: + id-token: write + pull-requests: write environment: name: review steps: @@ -495,6 +498,8 @@ jobs: if: github.ref == 'refs/heads/master' concurrency: Development runs-on: ubuntu-latest + permissions: + id-token: write environment: name: development outputs: @@ -613,6 +618,8 @@ jobs: if: github.ref == 'refs/heads/master' concurrency: test runs-on: ubuntu-latest + permissions: + id-token: write environment: name: test steps: @@ -659,6 +666,8 @@ jobs: needs: [ build_base, test ] environment: name: test + permissions: + id-token: write services: postgres: image: postgres:13.10 @@ -729,6 +738,8 @@ jobs: runs-on: ubuntu-latest needs: [ integration, development ] concurrency: production + permissions: + id-token: write environment: name: production steps: diff --git a/.github/workflows/destroy_review.yml b/.github/workflows/destroy_review.yml index 021f5d8fe2..3c11166777 100644 --- a/.github/workflows/destroy_review.yml +++ b/.github/workflows/destroy_review.yml @@ -6,6 +6,8 @@ on: jobs: destroy: name: Destroy + permissions: + id-token: write environment: name: review runs-on: ubuntu-latest From 8699bb82925dba97741783725f557d1eec42f49b Mon Sep 17 00:00:00 2001 
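Review bot: `google-github-actions/auth@v2` is referenced by a movable tag, and this step exchanges the job's OIDC token for Google credentials, so a retagged release would run with that access. Pin it to a full commit SHA, `uses: google-github-actions/auth@<full-commit-sha> # v2`, where the placeholder is the SHA of the release you reviewed. The identity pool's attribute conditions live on the Google side and are not visible here; confirm they restrict tokens to this repository. The commented-out `# project_id:` line should be removed or explained.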
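Review bot: A job-level `permissions:` block sets every scope it does not list to `none`, so the jobs that now declare only `id-token: write` lose the default `contents: read`. This first build.yml hunk also grants `pull-requests: write`; the four later build.yml hunks and the destroy_review.yml hunk list `id-token` alone. If any of those jobs checks out the repository or pulls a package with `GITHUB_TOKEN`, add the scope explicitly, e.g. `contents: read`; the steps are outside these hunks, so this needs checking per job. The hunk at `-659,6 +666,8` has `services: postgres` and looks like the integration test job; if it does not call the deploy action, it should not be given `id-token: write`.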
From: vipin-dfe Date: Mon, 9 Dec 2024 15:00:28 +0000 Subject: [PATCH 4/4] Update review comment --- terraform/aks/variables.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf index b3f8f387f7..99e2aed1a9 100644 --- a/terraform/aks/variables.tf +++ b/terraform/aks/variables.tf @@ -45,7 +45,8 @@ variable "enable_dfe_analytics_federated_auth" { default = false } variable "dataset_name" { - description = "dfe analytics dataset name in Google Bigquery. If not specified, a new one will be created" + description = "dfe analytics dataset name in Google Bigquery" + default = null } variable "external_url" {