refactor (draft-)router-api to new deployment style

In PR #150, we refactored the way we deploy applications by outputting the
application task definition json when applying the govuk platforming terraform.
This json file is then diffed with previous version and if changes exist, a new
task definition is created for the app using AWS cli.

This PR refactors  (draft-)router-api app to use this new deployment style.

Similar PRs are #152, #153 and #154 for other apps.

Ref:
1. [trello card](https://trello.com/c/HDvhDo1t/379-update-the-router-api-application-to-use-the-new-deployment-approach)

concourse/pipelines/deploy.yml

@@ -107,17 +107,6 @@ resources:
       uri: https://github.com/alphagov/router-api
       tag_filter: release_*
 
-  - <<: *git-repo
-    name: govuk-infrastructure-router-api
-    source:
-      <<: *govuk-infrastructure-source
-      paths:
-        - concourse/tasks
-        - terraform/deployments/apps/*router-api
-        # TODO replace these once router-api is refactored to use the new modules
-        - terraform/modules/task-definition
-        - terraform/modules/task-definitions/router-api
-
   - <<: *git-repo
     name: signon
     source:
@@ -204,6 +193,15 @@ resources:
       versioned_file: static.json
       initial_version: "0"
 
+  - name: router-api-terraform-outputs
+    type: s3
+    icon: file
+    source:
+      bucket: ((readonly_private_bucket_name))
+      region_name: eu-west-2
+      versioned_file: router-api.json
+      initial_version: "0"
+
 groups:
   - name: all
     jobs:
@@ -218,7 +216,6 @@ groups:
       - deploy-router
       - deploy-draft-router
       - deploy-router-api
-      - deploy-draft-router-api
       - deploy-signon
       - deploy-smokey
       - deploy-static
@@ -253,7 +250,6 @@ groups:
   - name: router-api
     jobs:
       - deploy-router-api
-      - deploy-draft-router-api
 
   - name: signon
     jobs:
@@ -286,6 +282,7 @@ jobs:
       - get: signon-terraform-outputs
       - get: smokey-terraform-outputs
       - get: static-terraform-outputs
+      - get: router-api-terraform-outputs
     - task: terraform-apply
       config:
         inputs:
@@ -305,6 +302,9 @@ jobs:
         - name: static-terraform-outputs
           path: old-static-terraform-outputs
           optional: true
+        - name: router-api-terraform-outputs
+          path: old-router-api-terraform-outputs
+          optional: true
         outputs:
         - name: govuk-terraform-outputs
         - name: content-store-terraform-outputs
@@ -317,6 +317,8 @@ jobs:
           path: new-smokey-terraform-outputs
         - name: static-terraform-outputs
           path: new-static-terraform-outputs
+        - name: router-api-terraform-outputs
+          path: new-router-api-terraform-outputs
         params:
           AWS_REGION: eu-west-1
           ASSUME_ROLE_ARN: 'arn:aws:iam::430354129336:role/govuk-concourse-deployer'
@@ -367,6 +369,7 @@ jobs:
             update_terraform_outputs signon
             update_terraform_outputs smokey
             update_terraform_outputs static
+            update_terraform_outputs router-api
 
     - put: govuk-terraform-outputs
       params:
@@ -392,6 +395,10 @@ jobs:
           put: static-terraform-outputs
           params:
             file: static-terraform-outputs/static.json
+      - try:
+          put: router-api-terraform-outputs
+          params:
+            file: router-api-terraform-outputs/router-api.json
 
   - name: deploy-frontend
     plan:
@@ -685,52 +692,44 @@ jobs:
     plan:
     - in_parallel:
       - get: govuk-infrastructure
-        resource: govuk-infrastructure-router-api
+        resource: govuk-infrastructure-concourse-tasks
         trigger: true
-      - get: govuk-terraform-outputs
+      - get: app-terraform-outputs
+        resource: router-api-terraform-outputs
         passed:
         - run-terraform
         trigger: true
       - get: release
         resource: router-api
         trigger: true
-    - task: update-task-definition
-      file: govuk-infrastructure/concourse/tasks/update-task-definition.yml
-      params:
-        APPLICATION: router-api
-        GOVUK_ENVIRONMENT: test
-    - task: update-ecs-service
-      file: govuk-infrastructure/concourse/tasks/update-ecs-service.yml
-      params:
-        ECS_SERVICE: router-api
-        GOVUK_ENVIRONMENT: test
-    serial: true
-    on_failure:
-      <<: *notify-slack-failure
-
-  - name: deploy-draft-router-api
-    plan:
     - in_parallel:
-      - get: govuk-infrastructure
-        resource: govuk-infrastructure-router-api
-        trigger: true
-      - get: govuk-terraform-outputs
-        passed:
-        - run-terraform
-        trigger: true
-      - get: release
-        resource: router-api
-        trigger: true
-    - task: update-task-definition
-      file: govuk-infrastructure/concourse/tasks/update-task-definition.yml
-      params:
-        APPLICATION: draft-router-api
-        GOVUK_ENVIRONMENT: test
-    - task: update-ecs-service
-      file: govuk-infrastructure/concourse/tasks/update-ecs-service.yml
-      params:
-        ECS_SERVICE: draft-router-api
-        GOVUK_ENVIRONMENT: test
+      - task: update-draft-task-definition
+        file: govuk-infrastructure/concourse/tasks/update-task-definition-v2.yml
+        output_mapping:
+          task-definition-arn: draft-task-definition-arn
+        params:
+          APPLICATION: router-api
+          VARIANT: draft
+      - task: update-live-task-definition
+        file: govuk-infrastructure/concourse/tasks/update-task-definition-v2.yml
+        output_mapping:
+          task-definition-arn: live-task-definition-arn
+        params:
+          APPLICATION: router-api
+          VARIANT: live
+    - in_parallel:
+      - task: update-draft-ecs-service
+        file: govuk-infrastructure/concourse/tasks/update-ecs-service-v2.yml
+        input_mapping:
+          task-definition-arn: draft-task-definition-arn
+        params:
+          ECS_SERVICE: draft-router-api
+      - task: update-live-ecs-service
+        file: govuk-infrastructure/concourse/tasks/update-ecs-service-v2.yml
+        input_mapping:
+          task-definition-arn: live-task-definition-arn
+        params:
+          ECS_SERVICE: router-api
     serial: true
     on_failure:
       <<: *notify-slack-failure

terraform/deployments/govuk-publishing-platform/app_router_api.tf

@@ -1,41 +1,94 @@
+locals {
+  router_api_defaults = {
+    cpu    = 512  # TODO parameterize this
+    memory = 1024 # TODO parameterize this
+
+    environment_variables = merge(
+      local.defaults.environment_variables,
+      {
+        GOVUK_APP_NAME          = "router-api",
+        GOVUK_APP_ROOT          = "/var/apps/router-api",
+        PLEK_SERVICE_SIGNON_URI = local.defaults.signon_uri,
+      }
+    )
+
+    secrets_from_arns = local.defaults.secrets_from_arns
+
+    mongodb_hosts = join(",", [
+      data.terraform_remote_state.govuk_aws_router_mongo.outputs.router_backend_1_service_dns_name,
+      data.terraform_remote_state.govuk_aws_router_mongo.outputs.router_backend_2_service_dns_name,
+      data.terraform_remote_state.govuk_aws_router_mongo.outputs.router_backend_3_service_dns_name,
+    ])
+  }
+}
+
+
 module "router_api" {
+  source = "../../modules/app"
+
   service_name                     = "router-api"
   mesh_name                        = aws_appmesh_mesh.govuk.id
   service_discovery_namespace_id   = aws_service_discovery_private_dns_namespace.govuk_publishing_platform.id
   service_discovery_namespace_name = aws_service_discovery_private_dns_namespace.govuk_publishing_platform.name
-  subnets                          = local.private_subnets
-  vpc_id                           = local.vpc_id
   cluster_id                       = aws_ecs_cluster.cluster.id
-  source                           = "../../modules/app"
+  vpc_id                           = local.vpc_id
+  subnets                          = local.private_subnets
   desired_count                    = var.router_api_desired_count
   extra_security_groups            = [local.govuk_management_access_security_group, aws_security_group.mesh_ecs_service.id]
-  environment_variables            = {} # TODO
-  secrets_from_arns                = {} # TODO
-  log_group                        = local.log_group
-  aws_region                       = data.aws_region.current.name
-  cpu                              = 512
-  memory                           = 1024
-  task_role_arn                    = aws_iam_role.task.arn
-  execution_role_arn               = aws_iam_role.execution.arn
+  environment_variables = merge(
+    local.router_api_defaults.environment_variables,
+    {
+      ROUTER_NODES = local.defaults.router_urls,
+      MONGODB_URI  = "mongodb://${local.router_api_defaults.mongodb_hosts}/router",
+    },
+  )
+  secrets_from_arns = merge(
+    local.router_api_defaults.secrets_from_arns,
+    {
+      GDS_SSO_OAUTH_ID     = data.aws_secretsmanager_secret.router_api_oauth_id.arn,
+      GDS_SSO_OAUTH_SECRET = data.aws_secretsmanager_secret.router_api_oauth_secret.arn,
+      SECRET_KEY_BASE      = data.aws_secretsmanager_secret.router_api_secret_key_base.arn,
+    },
+  )
+  log_group          = local.log_group
+  aws_region         = data.aws_region.current.name
+  cpu                = local.router_api_defaults.cpu
+  memory             = local.router_api_defaults.memory
+  task_role_arn      = aws_iam_role.task.arn
+  execution_role_arn = aws_iam_role.execution.arn
 }
 
 module "draft_router_api" {
+  source = "../../modules/app"
+
   service_name                     = "draft-router-api"
   mesh_name                        = aws_appmesh_mesh.govuk.id
   service_discovery_namespace_id   = aws_service_discovery_private_dns_namespace.govuk_publishing_platform.id
   service_discovery_namespace_name = aws_service_discovery_private_dns_namespace.govuk_publishing_platform.name
-  subnets                          = local.private_subnets
-  vpc_id                           = local.vpc_id
   cluster_id                       = aws_ecs_cluster.cluster.id
-  source                           = "../../modules/app"
+  vpc_id                           = local.vpc_id
+  subnets                          = local.private_subnets
   desired_count                    = var.draft_router_api_desired_count
   extra_security_groups            = [local.govuk_management_access_security_group, aws_security_group.mesh_ecs_service.id]
-  environment_variables            = {} # TODO
-  secrets_from_arns                = {} # TODO
-  log_group                        = local.log_group
-  aws_region                       = data.aws_region.current.name
-  cpu                              = 512
-  memory                           = 1024
-  task_role_arn                    = aws_iam_role.task.arn
-  execution_role_arn               = aws_iam_role.execution.arn
+  environment_variables = merge(
+    local.router_api_defaults.environment_variables,
+    {
+      ROUTER_NODES = local.defaults.draft_router_urls,
+      MONGODB_URI  = "mongodb://${local.router_api_defaults.mongodb_hosts}/draft_router",
+    },
+  )
+  secrets_from_arns = merge(
+    local.router_api_defaults.secrets_from_arns,
+    {
+      GDS_SSO_OAUTH_ID     = data.aws_secretsmanager_secret.draft_router_api_oauth_id.arn,
+      GDS_SSO_OAUTH_SECRET = data.aws_secretsmanager_secret.draft_router_api_oauth_secret.arn,
+      SECRET_KEY_BASE      = data.aws_secretsmanager_secret.draft_router_api_secret_key_base.arn,
+    },
+  )
+  log_group          = local.log_group
+  aws_region         = data.aws_region.current.name
+  cpu                = local.router_api_defaults.cpu
+  memory             = local.router_api_defaults.memory
+  task_role_arn      = aws_iam_role.task.arn
+  execution_role_arn = aws_iam_role.execution.arn
 }