From b4b111fe7a28b5f422d110ca5fb9442239a2d2f9 Mon Sep 17 00:00:00 2001
From: Alex Steel <130377221+asteel-gsa@users.noreply.github.com>
Date: Thu, 16 May 2024 12:46:23 -0400
Subject: [PATCH] Modify the file scanner clamav to have variable instances (#3848)
---
terraform/dev/dev.tf | 39 ++---
terraform/preview/preview.tf | 49 +++---
terraform/production/production.tf | 59 +++----
terraform/shared/modules/env/clamav.tf | 2 +-
terraform/shared/modules/env/variables.tf | 198 +++++++++++-----------
terraform/staging/staging.tf | 41 ++---
6 files changed, 199 insertions(+), 189 deletions(-)
diff --git a/terraform/dev/dev.tf b/terraform/dev/dev.tf
index 804807916..d206f0ee7 100644
--- a/terraform/dev/dev.tf
+++ b/terraform/dev/dev.tf
@@ -1,19 +1,20 @@
-module "dev" {
- source = "../shared/modules/env"
- cf_space_name = "dev"
- new_relic_license_key = var.new_relic_license_key
- pgrst_jwt_secret = var.pgrst_jwt_secret
-
- database_plan = "medium-gp-psql"
- postgrest_instances = 1
- swagger_instances = 1
- https_proxy_instances = 1
- smtp_proxy_instances = 1
- clamav_instances = 1
- recursive_delete = true
- json_params = jsonencode(
- {
- "storage" : 50,
- }
- )
-}
+module "dev" {
+ source = "../shared/modules/env"
+ cf_space_name = "dev"
+ new_relic_license_key = var.new_relic_license_key
+ pgrst_jwt_secret = var.pgrst_jwt_secret
+
+ database_plan = "medium-gp-psql"
+ postgrest_instances = 1
+ swagger_instances = 1
+ https_proxy_instances = 1
+ smtp_proxy_instances = 1
+ clamav_instances = 1
+ clamav_fs_instances = 1
+ recursive_delete = true
+ json_params = jsonencode(
+ {
+ "storage" : 50,
+ }
+ )
+}
diff --git a/terraform/preview/preview.tf b/terraform/preview/preview.tf
index 3196b856c..6cb6bb687 100644
--- a/terraform/preview/preview.tf
+++ b/terraform/preview/preview.tf
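Review bot: Every line of dev.tf is removed and re-added although only `clamav_fs_instances = 1` is new, and the same whole-file rewrite appears in preview.tf, production.tf, variables.tf and staging.tf. The text on both sides reads identically, so this is presumably a line-ending or whitespace normalization riding along with the change; that cannot be confirmed from the page. The churn hides the one functional line per environment from reviewers and from `git blame`, which matters for files that size the malware scanner and wire in secrets. Split the normalization into its own commit, or fix it once with a `.gitattributes` rule such as `*.tf text eol=lf`.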
@@ -1,24 +1,25 @@
-module "preview" {
- source = "../shared/modules/env"
- cf_space_name = "preview"
- new_relic_license_key = var.new_relic_license_key
- pgrst_jwt_secret = var.pgrst_jwt_secret
-
- database_plan = "medium-gp-psql"
- postgrest_instances = 1
- swagger_instances = 1
- https_proxy_instances = 1
- smtp_proxy_instances = 1
- clamav_instances = 2
- recursive_delete = true
- json_params = jsonencode(
- {
- "storage" : 50,
- }
- )
-}
-
-import {
- to = module.preview.module.clamav.cloudfoundry_app.clamav_api
- id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
-}
+module "preview" {
+ source = "../shared/modules/env"
+ cf_space_name = "preview"
+ new_relic_license_key = var.new_relic_license_key
+ pgrst_jwt_secret = var.pgrst_jwt_secret
+
+ database_plan = "medium-gp-psql"
+ postgrest_instances = 1
+ swagger_instances = 1
+ https_proxy_instances = 1
+ smtp_proxy_instances = 1
+ clamav_instances = 2
+ clamav_fs_instances = 1
+ recursive_delete = true
+ json_params = jsonencode(
+ {
+ "storage" : 50,
+ }
+ )
+}
+
+import {
+ to = module.preview.module.clamav.cloudfoundry_app.clamav_api
+ id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
+}
diff --git a/terraform/production/production.tf b/terraform/production/production.tf
index ee233b282..57b30a01b 100644
--- a/terraform/production/production.tf
+++ b/terraform/production/production.tf
@@ -1,29 +1,30 @@
-module "production" {
- source = "../shared/modules/env"
- cf_space_name = "production"
- new_relic_license_key = var.new_relic_license_key
- pgrst_jwt_secret = var.pgrst_jwt_secret
- clamav_instances = 8
- database_plan = "xlarge-gp-psql-redundant"
- postgrest_instances = 4
- json_params = jsonencode(
- {
- "storage" : 50,
- }
- )
-}
-
-# Note: The very first time we run apply in production, this will fail because
-# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
-# of Terraform. To address this, we should manage deployment of gsa-fac in
-# Terraform.
-module "domain" {
- source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
-
- cf_org_name = "gsa-tts-oros-fac"
- cf_space_name = "production"
- app_name_or_id = "gsa-fac"
- cdn_plan_name = "domain"
- domain_name = "fac.gov"
- host_name = "app"
-}
+module "production" {
+ source = "../shared/modules/env"
+ cf_space_name = "production"
+ new_relic_license_key = var.new_relic_license_key
+ pgrst_jwt_secret = var.pgrst_jwt_secret
+ clamav_instances = 8
+ clamav_fs_instances = 4
+ database_plan = "xlarge-gp-psql-redundant"
+ postgrest_instances = 4
+ json_params = jsonencode(
+ {
+ "storage" : 50,
+ }
+ )
+}
+
+# Note: The very first time we run apply in production, this will fail because
+# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
+# of Terraform. To address this, we should manage deployment of gsa-fac in
+# Terraform.
+module "domain" {
+ source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
+
+ cf_org_name = "gsa-tts-oros-fac"
+ cf_space_name = "production"
+ app_name_or_id = "gsa-fac"
+ cdn_plan_name = "domain"
+ domain_name = "fac.gov"
+ host_name = "app"
+}
diff --git a/terraform/shared/modules/env/clamav.tf b/terraform/shared/modules/env/clamav.tf
index 0b1dc0226..831a96dbf 100644
--- a/terraform/shared/modules/env/clamav.tf
+++ b/terraform/shared/modules/env/clamav.tf
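Review bot: `clamav_fs_instances = 4` halves production file-scanner capacity, because `module "file_scanner_clamav"` previously took `var.clamav_instances`, which is 8 in this file; preview likewise drops from 2 to 1. The commit title only says the count becomes variable, so the reduction reads as a side effect rather than a sizing decision. If it is intended, record the reason next to the value, e.g. `# file scanner sized separately from the clamav API (8); 4 covers <measured load>`. It is also worth confirming how uploads are handled when the scanner is saturated or unavailable, since that path is not visible in this diff.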
@@ -38,7 +38,7 @@ module "file_scanner_clamav" {
 cf_space_name = var.cf_space_name
 clamav_image = "ghcr.io/gsa-tts/fac/clamav@${data.docker_registry_image.clamav.sha256_digest}"
 max_file_size = "30M"
- instances = var.clamav_instances
+ instances = var.clamav_fs_instances
 clamav_memory = var.clamav_memory
 proxy_server = module.https-proxy.domain
diff --git a/terraform/shared/modules/env/variables.tf b/terraform/shared/modules/env/variables.tf
index c4c083b9f..ea9f02196 100644
--- a/terraform/shared/modules/env/variables.tf
+++ b/terraform/shared/modules/env/variables.tf
@@ -1,96 +1,102 @@
-# These variables expose what is open for customization in an environment. Where
-# there are defaults, they are the production defaults.
-#
-# Example usage:
-#
-# For production:
-# module "production" {
-# source = "../shared/modules/base"
-# cf_space_name = "production"
-# # No further customization needed
-# }
-#
-# For dev:
-# module "dev" {
-# cf_space_name = "dev"
-# database_plan = "micro-psql"
-# recursive_delete = true
-# }
-
-
-variable "cf_org_name" {
- type = string
- description = "name of the organization to configure"
- default = "gsa-tts-oros-fac"
-}
-
-variable "cf_space_name" {
- type = string
- description = "name of the space to configure"
- # No default... The calling module knows which env is for which space and we
- # shouldn't assume it!
-}
-
-variable "database_plan" {
- type = string
- description = "name of the cloud.gov RDS service plan name to create"
- # See https://cloud.gov/docs/services/relational-database/#plans
- default = "medium-gp-psql-redundant"
-}
-
-variable "recursive_delete" {
- type = bool
- description = "when true, deletes service bindings attached to the resource (not recommended for production)"
- default = false
-}
-
-variable "postgrest_instances" {
- type = number
- description = "the number of instances of the postgrest application to run (default: 2)"
- default = 2
-}
-
-variable "swagger_instances" {
- type = number
- description = "the number of instances of the swagger application to run (default: 2)"
- default = 2
-}
-
-variable "https_proxy_instances" {
- type = number
- description = "the number of instances of the HTTPS proxy application to run (default: 2)"
- default = 2
-}
-
-variable "smtp_proxy_instances" {
- type = number
- description = "the number of instances of the SMTP proxy application to run (default: 2)"
- default = 2
-}
-
-variable "clamav_instances" {
- type = number
- description = "the number of instances of the clamav application to run (default: 1)"
- default = 1
-}
-
-variable "clamav_memory" {
- type = number
- description = "memory in MB to allocate to clamav app"
- default = 3072
-}
-
-variable "new_relic_license_key" {
- type = string
- description = "the license key to use when setting up the New Relic agent"
-}
-
-variable "pgrst_jwt_secret" {
- type = string
- description = "the JWT signing secret for validating JWT tokens from api.data.gov"
-}
-
-variable "json_params" {
- type = string
- description = "Optional parameters used for service instance (-c)"
-}
+# These variables expose what is open for customization in an environment. Where
+# there are defaults, they are the production defaults.
+#
+# Example usage:
+#
+# For production:
+# module "production" {
+# source = "../shared/modules/base"
+# cf_space_name = "production"
+# # No further customization needed
+# }
+#
+# For dev:
+# module "dev" {
+# cf_space_name = "dev"
+# database_plan = "micro-psql"
+# recursive_delete = true
+# }
+
+
+variable "cf_org_name" {
+ type = string
+ description = "name of the organization to configure"
+ default = "gsa-tts-oros-fac"
+}
+
+variable "cf_space_name" {
+ type = string
+ description = "name of the space to configure"
+ # No default... The calling module knows which env is for which space and we
+ # shouldn't assume it!
+}
+
+variable "database_plan" {
+ type = string
+ description = "name of the cloud.gov RDS service plan name to create"
+ # See https://cloud.gov/docs/services/relational-database/#plans
+ default = "medium-gp-psql-redundant"
+}
+
+variable "recursive_delete" {
+ type = bool
+ description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+ default = false
+}
+
+variable "postgrest_instances" {
+ type = number
+ description = "the number of instances of the postgrest application to run (default: 2)"
+ default = 2
+}
+
+variable "swagger_instances" {
+ type = number
+ description = "the number of instances of the swagger application to run (default: 2)"
+ default = 2
+}
+
+variable "https_proxy_instances" {
+ type = number
+ description = "the number of instances of the HTTPS proxy application to run (default: 2)"
+ default = 2
+}
+
+variable "smtp_proxy_instances" {
+ type = number
+ description = "the number of instances of the SMTP proxy application to run (default: 2)"
+ default = 2
+}
+
+variable "clamav_instances" {
+ type = number
+ description = "the number of instances of the clamav application to run (default: 1)"
+ default = 1
+}
+
+variable "clamav_fs_instances" {
+ type = number
+ description = "the number of instances of the clamav application to run (default: 1)"
+ default = 1
+}
+
+variable "clamav_memory" {
+ type = number
+ description = "memory in MB to allocate to clamav app"
+ default = 3072
+}
+
+variable "new_relic_license_key" {
+ type = string
+ description = "the license key to use when setting up the New Relic agent"
+}
+
+variable "pgrst_jwt_secret" {
+ type = string
+ description = "the JWT signing secret for validating JWT tokens from api.data.gov"
+}
+
+variable "json_params" {
+ type = string
+ description = "Optional parameters used for service instance (-c)"
+}
diff --git a/terraform/staging/staging.tf b/terraform/staging/staging.tf
index 1db907650..e4532d01d 100644
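Review bot: The new `clamav_fs_instances` variable repeats the description of `clamav_instances` word for word, so nothing in the module says which one sizes the file scanner and which the clamav API app. It also accepts any number, including 0 or a fraction, which would presumably leave the scanner with no running instance; if zero is never a valid setting, a `validation` block should reject it. The header comment says defaults are the production defaults, yet production.tf sets 4 while the default here is 1. Separately, `pgrst_jwt_secret` and `new_relic_license_key` are declared without `sensitive = true`, so Terraform will not redact them in plan output.

```hcl
variable "clamav_fs_instances" {
  type        = number
  description = "the number of instances of the file scanner clamav application to run (default: 1)"
  default     = 1

  validation {
    condition     = var.clamav_fs_instances >= 1 && floor(var.clamav_fs_instances) == var.clamav_fs_instances
    error_message = "clamav_fs_instances must be a whole number of at least 1."
  }
}
```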
--- a/terraform/staging/staging.tf
+++ b/terraform/staging/staging.tf
@@ -1,20 +1,21 @@
-module "staging" {
- source = "../shared/modules/env"
- cf_space_name = "staging"
- new_relic_license_key = var.new_relic_license_key
- pgrst_jwt_secret = var.pgrst_jwt_secret
-
- database_plan = "medium-gp-psql"
- postgrest_instances = 1
- swagger_instances = 1
- https_proxy_instances = 1
- smtp_proxy_instances = 1
- clamav_instances = 1
- recursive_delete = true
- json_params = jsonencode(
- {
- "storage" : 50,
- }
- )
-}
-
+module "staging" {
+ source = "../shared/modules/env"
+ cf_space_name = "staging"
+ new_relic_license_key = var.new_relic_license_key
+ pgrst_jwt_secret = var.pgrst_jwt_secret
+
+ database_plan = "medium-gp-psql"
+ postgrest_instances = 1
+ swagger_instances = 1
+ https_proxy_instances = 1
+ smtp_proxy_instances = 1
+ clamav_instances = 1
+ clamav_fs_instances = 1
+ recursive_delete = true
+ json_params = jsonencode(
+ {
+ "storage" : 50,
+ }
+ )
+}
+