20240516 main -> staging (fac-file-scanner rebuild)

terraform/dev/dev.tf

@@ -1,19 +1,20 @@
-module "dev" {
-  source                = "../shared/modules/env"
-  cf_space_name         = "dev"
-  new_relic_license_key = var.new_relic_license_key
-  pgrst_jwt_secret      = var.pgrst_jwt_secret
-
-  database_plan         = "medium-gp-psql"
-  postgrest_instances   = 1
-  swagger_instances     = 1
-  https_proxy_instances = 1
-  smtp_proxy_instances  = 1
-  clamav_instances      = 1
-  recursive_delete      = true
-  json_params = jsonencode(
-    {
-      "storage" : 50,
-    }
-  )
-}
+module "dev" {
+  source                = "../shared/modules/env"
+  cf_space_name         = "dev"
+  new_relic_license_key = var.new_relic_license_key
+  pgrst_jwt_secret      = var.pgrst_jwt_secret
+
+  database_plan         = "medium-gp-psql"
+  postgrest_instances   = 1
+  swagger_instances     = 1
+  https_proxy_instances = 1
+  smtp_proxy_instances  = 1
+  clamav_instances      = 1
+  clamav_fs_instances   = 1
+  recursive_delete      = true
+  json_params = jsonencode(
+    {
+      "storage" : 50,
+    }
+  )
+}

terraform/preview/preview.tf

@@ -1,24 +1,25 @@
-module "preview" {
-  source                = "../shared/modules/env"
-  cf_space_name         = "preview"
-  new_relic_license_key = var.new_relic_license_key
-  pgrst_jwt_secret      = var.pgrst_jwt_secret
-
-  database_plan         = "medium-gp-psql"
-  postgrest_instances   = 1
-  swagger_instances     = 1
-  https_proxy_instances = 1
-  smtp_proxy_instances  = 1
-  clamav_instances      = 2
-  recursive_delete      = true
-  json_params = jsonencode(
-    {
-      "storage" : 50,
-    }
-  )
-}
-
-import {
-  to = module.preview.module.clamav.cloudfoundry_app.clamav_api
-  id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
-}
+module "preview" {
+  source                = "../shared/modules/env"
+  cf_space_name         = "preview"
+  new_relic_license_key = var.new_relic_license_key
+  pgrst_jwt_secret      = var.pgrst_jwt_secret
+
+  database_plan         = "medium-gp-psql"
+  postgrest_instances   = 1
+  swagger_instances     = 1
+  https_proxy_instances = 1
+  smtp_proxy_instances  = 1
+  clamav_instances      = 2
+  clamav_fs_instances   = 1
+  recursive_delete      = true
+  json_params = jsonencode(
+    {
+      "storage" : 50,
+    }
+  )
+}
+
+import {
+  to = module.preview.module.clamav.cloudfoundry_app.clamav_api
+  id = "ed9b5108-1e31-44b8-9ba0-375e091c5589"
+}

terraform/production/production.tf

@@ -1,29 +1,30 @@
-module "production" {
-  source                = "../shared/modules/env"
-  cf_space_name         = "production"
-  new_relic_license_key = var.new_relic_license_key
-  pgrst_jwt_secret      = var.pgrst_jwt_secret
-  clamav_instances      = 8
-  database_plan         = "xlarge-gp-psql-redundant"
-  postgrest_instances   = 4
-  json_params = jsonencode(
-    {
-      "storage" : 50,
-    }
-  )
-}
-
-# Note: The very first time we run apply in production, this will fail because
-# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
-# of Terraform. To address this, we should manage deployment of gsa-fac in
-# Terraform.
-module "domain" {
-  source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
-
-  cf_org_name    = "gsa-tts-oros-fac"
-  cf_space_name  = "production"
-  app_name_or_id = "gsa-fac"
-  cdn_plan_name  = "domain"
-  domain_name    = "fac.gov"
-  host_name      = "app"
-}
+module "production" {
+  source                = "../shared/modules/env"
+  cf_space_name         = "production"
+  new_relic_license_key = var.new_relic_license_key
+  pgrst_jwt_secret      = var.pgrst_jwt_secret
+  clamav_instances      = 8
+  clamav_fs_instances   = 4
+  database_plan         = "xlarge-gp-psql-redundant"
+  postgrest_instances   = 4
+  json_params = jsonencode(
+    {
+      "storage" : 50,
+    }
+  )
+}
+
+# Note: The very first time we run apply in production, this will fail because
+# the app it refers to, gsa-fac, doesn't exist yet; gsa-fac is deployed outside
+# of Terraform. To address this, we should manage deployment of gsa-fac in
+# Terraform.
+module "domain" {
+  source = "github.com/18f/terraform-cloudgov//domain?ref=v0.7.0"
+
+  cf_org_name    = "gsa-tts-oros-fac"
+  cf_space_name  = "production"
+  app_name_or_id = "gsa-fac"
+  cdn_plan_name  = "domain"
+  domain_name    = "fac.gov"
+  host_name      = "app"
+}

terraform/shared/modules/env/clamav.tf

@@ -38,7 +38,7 @@ module "file_scanner_clamav" {
   cf_space_name = var.cf_space_name
   clamav_image  = "ghcr.io/gsa-tts/fac/clamav@${data.docker_registry_image.clamav.sha256_digest}"
   max_file_size = "30M"
-  instances     = var.clamav_instances
+  instances     = var.clamav_fs_instances
   clamav_memory = var.clamav_memory
 
   proxy_server   = module.https-proxy.domain

terraform/shared/modules/env/variables.tf

@@ -1,96 +1,102 @@
-# These variables expose what is open for customization in an environment. Where
-# there are defaults, they are the production defaults.
-#
-# Example usage:
-#
-# For production:
-#   module "production" {
-#     source        = "../shared/modules/base"
-#     cf_space_name = "production"
-#     # No further customization needed
-#   }
-#
-# For dev:
-#   module "dev" {
-#     cf_space_name = "dev"
-#     database_plan    = "micro-psql"
-#     recursive_delete = true
-#   }
-
-
-variable "cf_org_name" {
-  type        = string
-  description = "name of the organization to configure"
-  default     = "gsa-tts-oros-fac"
-}
-
-variable "cf_space_name" {
-  type        = string
-  description = "name of the space to configure"
-  # No default... The calling module knows which env is for which space and we
-  # shouldn't assume it!
-}
-
-variable "database_plan" {
-  type        = string
-  description = "name of the cloud.gov RDS service plan name to create"
-  # See https://cloud.gov/docs/services/relational-database/#plans
-  default = "medium-gp-psql-redundant"
-}
-
-variable "recursive_delete" {
-  type        = bool
-  description = "when true, deletes service bindings attached to the resource (not recommended for production)"
-  default     = false
-}
-
-variable "postgrest_instances" {
-  type        = number
-  description = "the number of instances of the postgrest application to run (default: 2)"
-  default     = 2
-}
-
-variable "swagger_instances" {
-  type        = number
-  description = "the number of instances of the swagger application to run (default: 2)"
-  default     = 2
-}
-
-variable "https_proxy_instances" {
-  type        = number
-  description = "the number of instances of the HTTPS proxy application to run (default: 2)"
-  default     = 2
-}
-
-variable "smtp_proxy_instances" {
-  type        = number
-  description = "the number of instances of the SMTP proxy application to run (default: 2)"
-  default     = 2
-}
-
-variable "clamav_instances" {
-  type        = number
-  description = "the number of instances of the clamav application to run (default: 1)"
-  default     = 1
-}
-
-variable "clamav_memory" {
-  type        = number
-  description = "memory in MB to allocate to clamav app"
-  default     = 3072
-}
-
-variable "new_relic_license_key" {
-  type        = string
-  description = "the license key to use when setting up the New Relic agent"
-}
-
-variable "pgrst_jwt_secret" {
-  type        = string
-  description = "the JWT signing secret for validating JWT tokens from api.data.gov"
-}
-
-variable "json_params" {
-  type        = string
-  description = "Optional parameters used for service instance (-c)"
-}
+# These variables expose what is open for customization in an environment. Where
+# there are defaults, they are the production defaults.
+#
+# Example usage:
+#
+# For production:
+#   module "production" {
+#     source        = "../shared/modules/base"
+#     cf_space_name = "production"
+#     # No further customization needed
+#   }
+#
+# For dev:
+#   module "dev" {
+#     cf_space_name = "dev"
+#     database_plan    = "micro-psql"
+#     recursive_delete = true
+#   }
+
+
+variable "cf_org_name" {
+  type        = string
+  description = "name of the organization to configure"
+  default     = "gsa-tts-oros-fac"
+}
+
+variable "cf_space_name" {
+  type        = string
+  description = "name of the space to configure"
+  # No default... The calling module knows which env is for which space and we
+  # shouldn't assume it!
+}
+
+variable "database_plan" {
+  type        = string
+  description = "name of the cloud.gov RDS service plan name to create"
+  # See https://cloud.gov/docs/services/relational-database/#plans
+  default = "medium-gp-psql-redundant"
+}
+
+variable "recursive_delete" {
+  type        = bool
+  description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+  default     = false
+}
+
+variable "postgrest_instances" {
+  type        = number
+  description = "the number of instances of the postgrest application to run (default: 2)"
+  default     = 2
+}
+
+variable "swagger_instances" {
+  type        = number
+  description = "the number of instances of the swagger application to run (default: 2)"
+  default     = 2
+}
+
+variable "https_proxy_instances" {
+  type        = number
+  description = "the number of instances of the HTTPS proxy application to run (default: 2)"
+  default     = 2
+}
+
+variable "smtp_proxy_instances" {
+  type        = number
+  description = "the number of instances of the SMTP proxy application to run (default: 2)"
+  default     = 2
+}
+
+variable "clamav_instances" {
+  type        = number
+  description = "the number of instances of the clamav application to run (default: 1)"
+  default     = 1
+}
+
+variable "clamav_fs_instances" {
+  type        = number
+  description = "the number of instances of the clamav application to run (default: 1)"
+  default     = 1
+}
+
+variable "clamav_memory" {
+  type        = number
+  description = "memory in MB to allocate to clamav app"
+  default     = 3072
+}
+
+variable "new_relic_license_key" {
+  type        = string
+  description = "the license key to use when setting up the New Relic agent"
+}
+
+variable "pgrst_jwt_secret" {
+  type        = string
+  description = "the JWT signing secret for validating JWT tokens from api.data.gov"
+}
+
+variable "json_params" {
+  type        = string
+  description = "Optional parameters used for service instance (-c)"
+}

terraform/staging/staging.tf

@@ -1,20 +1,21 @@
-module "staging" {
-  source                = "../shared/modules/env"
-  cf_space_name         = "staging"
-  new_relic_license_key = var.new_relic_license_key
-  pgrst_jwt_secret      = var.pgrst_jwt_secret
-
-  database_plan         = "medium-gp-psql"
-  postgrest_instances   = 1
-  swagger_instances     = 1
-  https_proxy_instances = 1
-  smtp_proxy_instances  = 1
-  clamav_instances      = 1
-  recursive_delete      = true
-  json_params = jsonencode(
-    {
-      "storage" : 50,
-    }
-  )
-}
-
+module "staging" {
+  source                = "../shared/modules/env"
+  cf_space_name         = "staging"
+  new_relic_license_key = var.new_relic_license_key
+  pgrst_jwt_secret      = var.pgrst_jwt_secret
+
+  database_plan         = "medium-gp-psql"
+  postgrest_instances   = 1
+  swagger_instances     = 1
+  https_proxy_instances = 1
+  smtp_proxy_instances  = 1
+  clamav_instances      = 1
+  clamav_fs_instances   = 1
+  recursive_delete      = true
+  json_params = jsonencode(
+    {
+      "storage" : 50,
+    }
+  )
+}
+