Test ac

.checksum

@@ -1,3 +1,3 @@
 #This file is used by the auto pr github action. Please commit
-hmpps-prison-person-api-dev
-h1:X0IPZ61bj8Dr9uOu4DfB3aEv7xVmz7HfkCOGPssMR7M=
+davidconneely-sandbox-dev
+h1:L0A1RdN31mV+0E28WFe3NwgXZ/SEfcq9qN6mlz7LCBM=

.github/workflows/skip-file-auto-approval.yaml

@@ -0,0 +1,42 @@
+name: skip-file-auto-approval
+
+on:
+  pull_request:
+    paths:
+      - '**/APPLY_PIPELINE_SKIP_THIS_NAMESPACE'
+
+jobs:
+  commit-check:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    env:
+      GITHUB_REF: §{{ github.ref }}
+      GITHUB_REPOSITORY: §{{ github.event.repository.name }}
+      FILE_NAME: "APPLY_PIPELINE_SKIP_THIS_NAMESPACE"
+    steps:
+    - name: checkout
+      uses: actions/checkout@v2
+
+    - id: commit-check
+      name: commit check
+      uses: docker://ministryofjustice/cloud-platform-commit-check:latest
+
+    - name: auto approve
+      if: ${{ steps.commit-check.outputs.approval == 'approval_not_needed' }}
+      uses: hmarr/auto-approve-action@v4
+      with:
+        review-message: 'Automatically approving PR for skip file'
+
+    - name: cloud platform approval needed
+      if: ${{ steps.commit-check.outputs.approval == 'approval_needed' }}
+      uses: actions/github-script@v7
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"
+        script: |
+          github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: 'This PR requires approval from the Cloud Platform team. Please wait for a member of the team to review.'
+            })

cmd/tac/notnamespace.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Rolebinding
+metadata:
+  name: "hmpps-jobs-board-dev"
+  labels:
+    cloud-platform.justice.gov.uk/is-production: "false"
+    cloud-platform.justice.gov.uk/environment-name: "development"
+    pod-security.kubernetes.io/enforce: restricted
+  annotations:
+    cloud-platform.justice.gov.uk/business-unit: "HMPPS"
+    cloud-platform.justice.gov.uk/slack-channel: "prison-education"
+    cloud-platform.justice.gov.uk/application: "Jobs Board"
+    cloud-platform.justice.gov.uk/owner: "Education Skills Work and Employment: [email protected]"
+    cloud-platform.justice.gov.uk/source-code: "https://github.com/ministryofjustice/hmpps-jobs-board-api"
+    cloud-platform.justice.gov.uk/team-name: "education-skills-work-employment"
+    cloud-platform.justice.gov.uk/review-after: ""

cmd/tac/rightsc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "hmpps-jobs-board-dev"
+  labels:
+    cloud-platform.justice.gov.uk/is-production: "false"
+    cloud-platform.justice.gov.uk/environment-name: "development"
+    pod-security.kubernetes.io/enforce: restricted
+  annotations:
+    cloud-platform.justice.gov.uk/business-unit: "HMPPS"
+    cloud-platform.justice.gov.uk/slack-channel: "prison-education"
+    cloud-platform.justice.gov.uk/application: "Jobs Board"
+    cloud-platform.justice.gov.uk/owner: "Education Skills Work and Employment: [email protected]"
+    cloud-platform.justice.gov.uk/source-code: "https://github.com/ministryofjustice/hmpps-jobs-board-api"
+    cloud-platform.justice.gov.uk/team-name: "education-skills-work-employment"
+    cloud-platform.justice.gov.uk/review-after: ""

cmd/tac/wrongsc.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "hmpps-jobs-board-dev"
+  labels:
+    cloud-platform.justice.gov.uk/is-production: "false"
+    cloud-platform.justice.gov.uk/environment-name: "development"
+    pod-security.kubernetes.io/enforce: restricted
+  annotations:
+    cloud-platform.justice.gov.uk/business-unit: "HMPPS"
+    cloud-platform.justice.gov.uk/slack-channel: "prison-education"
+    cloud-platform.justice.gov.uk/application: "Jobs Board"
+    cloud-platform.justice.gov.uk/owner: "Education Skills Work and Employment: [email protected]"
+    cloud-platform.justice.gov.uk/source-code: "https://github.com/ministryofjustice/hmpps-jobs-board-ap"
+    cloud-platform.justice.gov.uk/team-name: "education-skills-work-employment"
+    cloud-platform.justice.gov.uk/review-after: ""

cmd/tac/wrongteam.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "hmpps-jobs-board-dev"
+  labels:
+    cloud-platform.justice.gov.uk/is-production: "false"
+    cloud-platform.justice.gov.uk/environment-name: "development"
+    pod-security.kubernetes.io/enforce: restricted
+  annotations:
+    cloud-platform.justice.gov.uk/business-unit: "HMPPS"
+    cloud-platform.justice.gov.uk/slack-channel: "prison-education"
+    cloud-platform.justice.gov.uk/application: "Jobs Board"
+    cloud-platform.justice.gov.uk/owner: "Education Skills Work and Employment: [email protected]"
+    cloud-platform.justice.gov.uk/source-code: "https://github.com/ministryofjustice/hmpps-jobs-board-api"
+    cloud-platform.justice.gov.uk/team-name: "education-skills-work-employmen"
+    cloud-platform.justice.gov.uk/review-after: ""

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/00-namespace.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "davidconneely-sandbox-dev"
+  labels:
+    cloud-platform.justice.gov.uk/is-production: "false"
+    cloud-platform.justice.gov.uk/environment-name: "development"
+    pod-security.kubernetes.io/enforce: restricted
+  annotations:
+    cloud-platform.justice.gov.uk/business-unit: "LAA"
+    cloud-platform.justice.gov.uk/slack-channel: "dces"
+    cloud-platform.justice.gov.uk/application: "Sandbox for David Conneely"
+    cloud-platform.justice.gov.uk/owner: "DCES: [email protected]"
+    cloud-platform.justice.gov.uk/source-code: "https://github.com/ministryofjustice/davidconneely-sandbox"
+    cloud-platform.justice.gov.uk/team-name: "davidconneely-sandbox"
+    cloud-platform.justice.gov.uk/review-after: "2024-09-04"

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/01-rbac.yaml

@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: davidconneely-sandbox-dev-admin
+  namespace: davidconneely-sandbox-dev
+subjects:
+  - kind: Group
+    name: "github:davidconneely-sandbox"
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: admin
+  apiGroup: rbac.authorization.k8s.io

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/02-limitrange.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: limitrange
+  namespace: davidconneely-sandbox-dev
+spec:
+  limits:
+  - default:
+      cpu: 1000m
+      memory: 1000Mi
+    defaultRequest:
+      cpu: 10m
+      memory: 100Mi
+    type: Container

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/03-resourcequota.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: namespace-quota
+  namespace: davidconneely-sandbox-dev
+spec:
+  hard:
+    pods: "50"

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/04-networkpolicy.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default
+  namespace: davidconneely-sandbox-dev
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - podSelector: {}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-ingress-controllers
+  namespace: davidconneely-sandbox-dev
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          component: ingress-controllers

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/resources/main.tf

@@ -0,0 +1,46 @@
+terraform {
+  backend "s3" {
+  }
+}
+
+provider "aws" {
+  region = "eu-west-2"
+
+  default_tags {
+    tags = {
+      source-code   = "github.com/ministryofjustice/cloud-platform-environments"
+      slack-channel = var.slack_channel
+    }
+  }
+}
+
+provider "aws" {
+  alias  = "london"
+  region = "eu-west-2"
+
+  default_tags {
+    tags = {
+      source-code   = "github.com/ministryofjustice/cloud-platform-environments"
+      slack-channel = var.slack_channel
+    }
+  }
+}
+
+provider "aws" {
+  alias  = "ireland"
+  region = "eu-west-1"
+
+  default_tags {
+    tags = {
+      source-code   = "github.com/ministryofjustice/cloud-platform-environments"
+      slack-channel = var.slack_channel
+    }
+  }
+}
+
+provider "github" {
+  token = var.github_token
+  owner = var.github_owner
+}
+
+provider "kubernetes" {}

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/resources/variables.tf

@@ -0,0 +1,69 @@
+variable "vpc_name" {
+  description = "VPC name to create security groups in for the ElastiCache and RDS modules"
+  type        = string
+}
+
+variable "kubernetes_cluster" {
+  description = "Kubernetes cluster name for references to secrets for service accounts"
+  type        = string
+}
+
+variable "application" {
+  description = "Name of the application you are deploying"
+  type        = string
+  default     = "Sandbox for David Conneely"
+}
+
+variable "namespace" {
+  description = "Name of the namespace these resources are part of"
+  type        = string
+  default     = "davidconneely-sandbox-dev"
+}
+
+variable "business_unit" {
+  description = "Area of the MOJ responsible for this service"
+  type        = string
+  default     = "LAA"
+}
+
+variable "team_name" {
+  description = "Name of the development team responsible for this service"
+  type        = string
+  default     = "davidconneely-sandbox"
+}
+
+variable "environment" {
+  description = "Name of the environment type for this service"
+  type        = string
+  default     = "development"
+}
+
+variable "infrastructure_support" {
+  description = "Email address of the team responsible this service"
+  type        = string
+  default     = "[email protected]"
+}
+
+variable "is_production" {
+  description = "Whether this environment type is production or not"
+  type        = string
+  default     = "false"
+}
+
+variable "slack_channel" {
+  description = "Slack channel name for your team, if we need to contact you about this service"
+  type        = string
+  default     = "dces"
+}
+
+variable "github_owner" {
+  description = "The GitHub organization or individual user account containing the app's code repo. Used by the Github Terraform provider. See: https://user-guide.cloud-platform.service.justice.gov.uk/documentation/getting-started/ecr-setup.html#accessing-the-credentials"
+  type        = string
+  default     = "ministryofjustice"
+}
+
+variable "github_token" {
+  type        = string
+  description = "Required by the GitHub Terraform provider"
+  default     = ""
+}

namespaces/live.cloud-platform.service.justice.gov.uk/davidconneely-sandbox-dev/resources/versions.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_version = ">= 1.2.5"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.67.0"
+    }
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.39.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.23.0"
+    }
+  }
+}

namespaces/live.cloud-platform.service.justice.gov.uk/hmpps-auth-prod/resources/variables.tf

@@ -7,7 +7,7 @@ variable "vpc_name" {
 }
 
 variable "domain" {
-  default = "sign-in-alt.hmpps.service.justice.gov.uk"
+  default = "sign-in.hmpps.service.justice.gov.uk"
 }
 
 variable "application" {

namespaces/live.cloud-platform.service.justice.gov.uk/laa-crown-court-litigator-fees-dev/resources/irsa.tf

@@ -14,6 +14,7 @@ module "irsa" {
   role_policy_arns = {
     sqs_cclf_claims = aws_iam_policy.cclf_policy.arn
     rds = module.rds-instance.irsa_policy_arn
+    cclf_copy_snapshot = aws_iam_policy.cclf_copy_snapshot_policy.arn
   }
 
   # Tags
@@ -59,6 +60,36 @@ resource "aws_iam_policy" "cclf_policy" {
   }
 }
 
+data "aws_iam_policy_document" "cclf_copy_snapshot_policy_document" {
+  # Provide list of permissions and target AWS account resources to allow access to
+  statement {
+    sid  = "CCLFPolicyRDSCopySnapshotDev"
+    effect = "Allow"
+    actions = [
+      "rds:CopyDBSnapshot",
+    ]
+    resources = [
+      "arn:aws:rds:eu-west-2:411213865113:snapshot:cclf-dev-for-copy-over-to-cloud-platform",
+    ]
+  }
+
+}
+
+resource "aws_iam_policy" "cclf_copy_snapshot_policy" {
+  name        = "cclf_copy_snapshot_policy"
+  policy      = data.aws_iam_policy_document.cclf_copy_snapshot_policy_document.json
+  description = "Policy for Cloud Platform to assume role in data platform dev account for CCLF"
+
+  tags = {
+    business-unit          = var.business_unit
+    application            = var.application
+    is-production          = var.is_production
+    environment-name       = var.environment
+    owner                  = var.github_owner
+    infrastructure-support = var.infrastructure_support
+  }
+}
+
 module "service_pod" {
   source = "github.com/ministryofjustice/cloud-platform-terraform-service-pod?ref=1.0.0" # use the latest release