Restrict access to subnets for DB #31
Conversation
| db_rules = "${null_resource.subnet_mappings.*.triggers}" | ||
| } | ||
|
|
||
| # https://gist.github.com/brikis98/f3fe2ae06f996b40b55eebcb74ed9a9e |
There was a problem hiding this comment.
don't mind, it's a link to where I got the weird terraform thingy
|
|
||
| ### Access to databases | ||
|
|
||
| Databases are restricted to access from specific subnets, these can be updated [here](https://github.com/hmcts/cnp-database-subnet-whitelisting) |
There was a problem hiding this comment.
I can't see where in the code it gets the json from this repo?
There was a problem hiding this comment.
Change description says this is pending 😉
It's been tested with the file directly in the repo,
Just swapping over to that atm
There was a problem hiding this comment.
ah sorry I skipped straight to the code :)
find-subnets.py
Outdated
|
|
||
| # get first element or empty list if none | ||
| env_subnets = next(iter(env_subnets_list_of_lists), []) | ||
| app_subs = next(iter(app_subnets_list_of_lists), []) |
There was a problem hiding this comment.
It might be cleaner to write:
env_subnets = env_subnets_list_of_lists[0] if len(env_subnets_list_of_lists) > 0 else []
but it's up to you really
|
This is much more maintainable - clean separation of concerns mains that changes can be deployed cleanly across environments. Changes to environments and infrastructure no longer require deep understanding of the code. |
JIRA link
https://tools.hmcts.net/jira/browse/RDO-2675
Change description
This is an alternative approach to #30
Opening this up to review though
Does this PR introduce a breaking change? (check one with "x")