Modify the file scanner clamav to have variable instances (#3848)
asteel-gsa authored May 16, 2024
1 parent f95d6ef commit b4b111f
Showing 6 changed files with 199 additions and 189 deletions.
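--- a/terraform/dev/dev.tf
+++ b/terraform/dev/dev.tf
@@ -1,19 +1,20 @@
-module "dev" {
-source = "../shared/modules/env"
-cf_space_name = "dev"
-new_relic_license_key = var.new_relic_license_key
-pgrst_jwt_secret = var.pgrst_jwt_secret
-
-database_plan = "medium-gp-psql"
-postgrest_instances = 1
-swagger_instances = 1
-https_proxy_instances = 1
-smtp_proxy_instances = 1
-clamav_instances = 1
-recursive_delete = true
-json_params = jsonencode(
-{
-"storage" : 50,
-}
-)
-}
+module "dev" {
+source = "../shared/modules/env"
+cf_space_name = "dev"
+new_relic_license_key = var.new_relic_license_key
+pgrst_jwt_secret = var.pgrst_jwt_secret
+
+database_plan = "medium-gp-psql"
+postgrest_instances = 1
+swagger_instances = 1
+https_proxy_instances = 1
+smtp_proxy_instances = 1
+clamav_instances = 1
+clamav_fs_instances = 1
+recursive_delete = true
+json_params = jsonencode(
+{
+"storage" : 50,
+}
+)
+}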
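--- a/terraform/preview/preview.tf
+++ b/terraform/preview/preview.tf
@@ -1,24 +1,25 @@
-module "preview" {
-source = "../shared/modules/env"
-cf_space_name = "preview"
-new_relic_license_key = var.new_relic_license_key
-pgrst_jwt_secret = var.pgrst_jwt_secret
-
-database_plan = "medium-gp-psql"
-postgrest_instances = 1
-swagger_instances = 1
-https_proxy_instances = 1
-smtp_proxy_instances = 1
-clamav_instances = 2
-recursive_delete = true
-json_params = jsonencode(
-{
-"storage" : 50,
-}
-)
-}
-
-import {
-to = module.preview.module.clamav.cloudfoundry_app.clamav_api
-id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
-}
+module "preview" {
+source = "../shared/modules/env"
+cf_space_name = "preview"
+new_relic_license_key = var.new_relic_license_key
+pgrst_jwt_secret = var.pgrst_jwt_secret
+
+database_plan = "medium-gp-psql"
+postgrest_instances = 1
+swagger_instances = 1
+https_proxy_instances = 1
+smtp_proxy_instances = 1
+clamav_instances = 2
+clamav_fs_instances = 1
+recursive_delete = true
+json_params = jsonencode(
+{
+"storage" : 50,
+}
+)
+}
+
+import {
+to = module.preview.module.clamav.cloudfoundry_app.clamav_api
+id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
+}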
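Review bot: `clamav_fs_instances = 1` lowers the preview file scanner's instance count if, as the clamav.tf change in this commit suggests, `file_scanner_clamav` previously took its count from `clamav_instances` (2 here). The same applies in terraform/production/production.tf, where the scanner would go from 8 instances to 4. Assuming uploads are scanned through this app, fewer instances mean less headroom and, in preview, no redundancy during a restart, so it is worth confirming that the caller rejects or queues a file when the scanner is busy or unavailable rather than accepting it unscanned. A short comment beside the value, for example `# instances for module.file_scanner_clamav (previously clamav_instances)`, would record that the reduction is intentional.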
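--- a/terraform/production/production.tf
+++ b/terraform/production/production.tf
@@ -1,29 +1,30 @@
-module "production" {
-source = "../shared/modules/env"
-cf_space_name = "production"
-new_relic_license_key = var.new_relic_license_key
-pgrst_jwt_secret = var.pgrst_jwt_secret
-clamav_instances = 8
-database_plan = "xlarge-gp-psql-redundant"
-postgrest_instances = 4
-json_params = jsonencode(
-{
-"storage" : 50,
-}
-)
-}
-
-# Note: The very first time we run apply in production, this will fail because
-# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
-# of Terraform. To address this, we should manage deployment of gsa-fac in
-# Terraform.
-module "domain" {
-source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
-
-cf_org_name = "gsa-tts-oros-fac"
-cf_space_name = "production"
-app_name_or_id = "gsa-fac"
-cdn_plan_name = "domain"
-domain_name = "fac.gov"
-host_name = "app"
-}
+module "production" {
+source = "../shared/modules/env"
+cf_space_name = "production"
+new_relic_license_key = var.new_relic_license_key
+pgrst_jwt_secret = var.pgrst_jwt_secret
+clamav_instances = 8
+clamav_fs_instances = 4
+database_plan = "xlarge-gp-psql-redundant"
+postgrest_instances = 4
+json_params = jsonencode(
+{
+"storage" : 50,
+}
+)
+}
+
+# Note: The very first time we run apply in production, this will fail because
+# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
+# of Terraform. To address this, we should manage deployment of gsa-fac in
+# Terraform.
+module "domain" {
+source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
+
+cf_org_name = "gsa-tts-oros-fac"
+cf_space_name = "production"
+app_name_or_id = "gsa-fac"
+cdn_plan_name = "domain"
+domain_name = "fac.gov"
+host_name = "app"
+}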
2 changes: 1 addition & 1 deletion terraform/shared/modules/env/clamav.tf
Expand Up @@ -38,7 +38,7 @@ module "file_scanner_clamav" {
cf_space_name = var.cf_space_name
clamav_image = "ghcr.io/gsa-tts/fac/clamav@${data.docker_registry_image.clamav.sha256_digest}"
max_file_size = "30M"
instances = var.clamav_instances
instances = var.clamav_fs_instances
clamav_memory = var.clamav_memory

proxy_server = module.https-proxy.domain
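--- a/terraform/shared/modules/env/variables.tf
+++ b/terraform/shared/modules/env/variables.tf
@@ -1,96 +1,102 @@
-# These variables expose what is open for customization in an environment. Where
-# there are defaults, they are the production defaults.
-#
-# Example usage:
-#
-# For production:
-# module "production" {
-# source = "../shared/modules/base"
-# cf_space_name = "production"
-# # No further customization needed
-# }
-#
-# For dev:
-# module "dev" {
-# cf_space_name = "dev"
-# database_plan = "micro-psql"
-# recursive_delete = true
-# }
-
-
-variable "cf_org_name" {
-type = string
-description = "name of the organization to configure"
-default = "gsa-tts-oros-fac"
-}
-
-variable "cf_space_name" {
-type = string
-description = "name of the space to configure"
-# No default... The calling module knows which env is for which space and we
-# shouldn't assume it!
-}
-
-variable "database_plan" {
-type = string
-description = "name of the cloud.gov RDS service plan name to create"
-# See https://cloud.gov/docs/services/relational-database/#plans
-default = "medium-gp-psql-redundant"
-}
-
-variable "recursive_delete" {
-type = bool
-description = "when true, deletes service bindings attached to the resource (not recommended for production)"
-default = false
-}
-
-variable "postgrest_instances" {
-type = number
-description = "the number of instances of the postgrest application to run (default: 2)"
-default = 2
-}
-
-variable "swagger_instances" {
-type = number
-description = "the number of instances of the swagger application to run (default: 2)"
-default = 2
-}
-
-variable "https_proxy_instances" {
-type = number
-description = "the number of instances of the HTTPS proxy application to run (default: 2)"
-default = 2
-}
-
-variable "smtp_proxy_instances" {
-type = number
-description = "the number of instances of the SMTP proxy application to run (default: 2)"
-default = 2
-}
-
-variable "clamav_instances" {
-type = number
-description = "the number of instances of the clamav application to run (default: 1)"
-default = 1
-}
-
-variable "clamav_memory" {
-type = number
-description = "memory in MB to allocate to clamav app"
-default = 3072
-}
-
-variable "new_relic_license_key" {
-type = string
-description = "the license key to use when setting up the New Relic agent"
-}
-
-variable "pgrst_jwt_secret" {
-type = string
-description = "the JWT signing secret for validating JWT tokens from api.data.gov"
-}
-
-variable "json_params" {
-type = string
-description = "Optional parameters used for service instance (-c)"
-}
+# These variables expose what is open for customization in an environment. Where
+# there are defaults, they are the production defaults.
+#
+# Example usage:
+#
+# For production:
+# module "production" {
+# source = "../shared/modules/base"
+# cf_space_name = "production"
+# # No further customization needed
+# }
+#
+# For dev:
+# module "dev" {
+# cf_space_name = "dev"
+# database_plan = "micro-psql"
+# recursive_delete = true
+# }
+
+
+variable "cf_org_name" {
+type = string
+description = "name of the organization to configure"
+default = "gsa-tts-oros-fac"
+}
+
+variable "cf_space_name" {
+type = string
+description = "name of the space to configure"
+# No default... The calling module knows which env is for which space and we
+# shouldn't assume it!
+}
+
+variable "database_plan" {
+type = string
+description = "name of the cloud.gov RDS service plan name to create"
+# See https://cloud.gov/docs/services/relational-database/#plans
+default = "medium-gp-psql-redundant"
+}
+
+variable "recursive_delete" {
+type = bool
+description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+default = false
+}
+
+variable "postgrest_instances" {
+type = number
+description = "the number of instances of the postgrest application to run (default: 2)"
+default = 2
+}
+
+variable "swagger_instances" {
+type = number
+description = "the number of instances of the swagger application to run (default: 2)"
+default = 2
+}
+
+variable "https_proxy_instances" {
+type = number
+description = "the number of instances of the HTTPS proxy application to run (default: 2)"
+default = 2
+}
+
+variable "smtp_proxy_instances" {
+type = number
+description = "the number of instances of the SMTP proxy application to run (default: 2)"
+default = 2
+}
+
+variable "clamav_instances" {
+type = number
+description = "the number of instances of the clamav application to run (default: 1)"
+default = 1
+}
+
+variable "clamav_fs_instances" {
+type = number
+description = "the number of instances of the clamav application to run (default: 1)"
+default = 1
+}
+
+variable "clamav_memory" {
+type = number
+description = "memory in MB to allocate to clamav app"
+default = 3072
+}
+
+variable "new_relic_license_key" {
+type = string
+description = "the license key to use when setting up the New Relic agent"
+}
+
+variable "pgrst_jwt_secret" {
+type = string
+description = "the JWT signing secret for validating JWT tokens from api.data.gov"
+}
+
+variable "json_params" {
+type = string
+description = "Optional parameters used for service instance (-c)"
+}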
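Review bot: The new `clamav_fs_instances` variable carries the same description as `clamav_instances`, so nothing in the module says which ClamAV app each count controls; something like `description = "the number of instances of the file scanner clamav application to run (default: 1)"` would separate them. The file header states that defaults are the production defaults, yet the default here is 1 while production.tf passes 4, so either the default or that header comment should be adjusted. Consider also a `validation` block requiring `var.clamav_fs_instances >= 1`, since a count of 0 would presumably leave no file scanner running.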
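--- a/terraform/staging/staging.tf
+++ b/terraform/staging/staging.tf
@@ -1,20 +1,21 @@
-module "staging" {
-source = "../shared/modules/env"
-cf_space_name = "staging"
-new_relic_license_key = var.new_relic_license_key
-pgrst_jwt_secret = var.pgrst_jwt_secret
-
-database_plan = "medium-gp-psql"
-postgrest_instances = 1
-swagger_instances = 1
-https_proxy_instances = 1
-smtp_proxy_instances = 1
-clamav_instances = 1
-recursive_delete = true
-json_params = jsonencode(
-{
-"storage" : 50,
-}
-)
-}
-
+module "staging" {
+source = "../shared/modules/env"
+cf_space_name = "staging"
+new_relic_license_key = var.new_relic_license_key
+pgrst_jwt_secret = var.pgrst_jwt_secret
+
+database_plan = "medium-gp-psql"
+postgrest_instances = 1
+swagger_instances = 1
+https_proxy_instances = 1
+smtp_proxy_instances = 1
+clamav_instances = 1
+clamav_fs_instances = 1
+recursive_delete = true
+json_params = jsonencode(
+{
+"storage" : 50,
+}
+)
+}
+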