test

.azuredevops/pipelines/cd-infrastructure-int-core.yaml

@@ -25,6 +25,7 @@ resources:
 variables:
   - group: global_variable_group
   - group: hub_variable_group
+  - group: audit_backend_remote_state_DEV
   - group: integration_core_variable_group
   - name: TF_DIRECTORY
     value: $(System.DefaultWorkingDirectory)/$(System.TeamProject)/infrastructure/tf-core

.github/workflows/cicd-1-pull-request.yaml

@@ -99,7 +99,7 @@ jobs:
     secrets: inherit
   build-stage: # Recommended maximum execution time is 3 minutes
     name: Image build stage
-    needs: [commit-stage]
+    needs: [metadata]
     # needs: [metadata, commit-stage, test-stage]
     uses: NHSDigital/dtos-devops-templates/.github/workflows/stage-3-build-images.yaml@feat/DTOSS-5412-Create-Azure-Resources-and-Deployment-Pipelines-in-Azure-DevOps-for-Team-Analyses
     # if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))

infrastructure/tf-audit/outputs.tf

@@ -0,0 +1,7 @@
+output "log_analytics_workspace_id" {
+  value = {
+    for k, v in module.log_analytics_workspace_audit : k => {
+      id = v.id
+    }
+  }
+}

infrastructure/tf-core/data.tf

@@ -56,3 +56,18 @@ data "azurerm_application_insights" "ai" {
   name                = var.function_apps.app_insights_name
   resource_group_name = var.function_apps.app_insights_rg_name
 }
+
+
+# data "terraform_remote_state" "audit" {
+#   backend = "azurerm"
+#   config = {
+#     # subscription_id      = var.AUDIT_BACKEND_AZURE_SUBSCRIPTION_ID
+#     subscription_id      = var.AUDIT_SUBSCRIPTION_ID
+#     storage_account_name = var.AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_NAME
+#     container_name       = var.AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_CONTAINER_NAME
+#     # key                  = var.AUDIT_BACKEND_AZURE_STORAGE_KEY
+#     # key                  = var.AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_KEY
+#     key                  = var.AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_KEY
+#     resource_group_name  = var.AUDIT_BACKEND_AZURE_RESOURCE_GROUP_NAME
+#   }
+# }

infrastructure/tf-core/environments/development.tfvars

@@ -168,14 +168,14 @@ function_apps = {
       function_endpoint_name = "CreateParticipantScreeningEpisode"
       app_service_plan_key   = "BIAnalyticsDataService"
       app_urls = [
-         {
-           env_var_name     = "GetEpisodeUrl"
-           function_app_key = "GetEpisode"
-         },
-         {
-           env_var_name     = "CreateParticipantScreeningEpisodeUrl"
-           function_app_key = "CreateParticipantScreeningEpisode"
-         }
+        {
+          env_var_name     = "GetEpisodeUrl"
+          function_app_key = "GetEpisode"
+        },
+        {
+          env_var_name     = "CreateParticipantScreeningEpisodeUrl"
+          function_app_key = "CreateParticipantScreeningEpisode"
+        }
       ]
     }
 
@@ -184,18 +184,18 @@ function_apps = {
       function_endpoint_name = "CreateParticipantScreeningProfile"
       app_service_plan_key   = "BIAnalyticsDataService"
       app_urls = [
-         {
-           env_var_name     = "GetParticipantUrl"
-           function_app_key = "GetParticipant"
-         },
         {
-           env_var_name     = "CreateParticipantScreeningProfileUrl"
-           function_app_key = "CreateParticipantScreeningProfile"
-         },
-         {
-           env_var_name     = "DemographicsServiceUrl"
-           function_app_key = "GetDemographicsData"
-         }
+          env_var_name     = "GetParticipantUrl"
+          function_app_key = "GetParticipant"
+        },
+        {
+          env_var_name     = "CreateParticipantScreeningProfileUrl"
+          function_app_key = "CreateParticipantScreeningProfile"
+        },
+        {
+          env_var_name     = "DemographicsServiceUrl"
+          function_app_key = "GetDemographicsData"
+        }
       ]
     }
 
@@ -228,73 +228,73 @@ function_apps = {
     }
 
     # does not build currently
-    receive-data = {
+    ReceiveData = {
       name_suffix            = "receive-data"
       function_endpoint_name = "ReceiveData"
       app_service_plan_key   = "EpisodeIntegrationService"
       app_urls = [
-         {
-           env_var_name     = "EpisodeManagementUrl"
-           function_app_key = "CreateUpdateEpisode"
-         },
         {
-           env_var_name     = "ParticipantManagementUrl"
-           function_app_key = "UpdateParticipant"
-         }
+          env_var_name     = "EpisodeManagementUrl"
+          function_app_key = "CreateUpdateEpisode"
+        },
+        {
+          env_var_name     = "ParticipantManagementUrl"
+          function_app_key = "UpdateParticipant"
+        }
       ]
     }
 
-    create-update-episode = {
+    CreateUpdateEpisode = {
       name_suffix            = "create-update-episode"
       function_endpoint_name = "CreateUpdateEpisode"
       app_service_plan_key   = "EpisodeManagementService"
       app_urls = [
-         {
-           env_var_name     = "CreateEpisodeUrl"
-           function_app_key = "CreateEpisode"
-         },
-         {
-           env_var_name     = "GetEpisodeUrl"
-           function_app_key = "GetEpisode"
-         },
-         {
-           env_var_name     = "UpdateEpisodeUrl"
-           function_app_key = "UpdateEpisode"
-         }
+        {
+          env_var_name     = "CreateEpisodeUrl"
+          function_app_key = "CreateEpisode"
+        },
+        {
+          env_var_name     = "GetEpisodeUrl"
+          function_app_key = "GetEpisode"
+        },
+        {
+          env_var_name     = "UpdateEpisodeUrl"
+          function_app_key = "UpdateEpisode"
+        }
       ]
     }
 
-    get-episode-mgmt = {
+    GetEpisodeMgmt = {
       name_suffix            = "get-episode-mgmt"
       function_endpoint_name = "GetEpisodeMgmt"
       app_service_plan_key   = "EpisodeManagementService"
       app_urls = [
-         {
-           env_var_name     = "GetEpisodeUrl"
-           function_app_key = "GetEpisode"
-         }
+        {
+          env_var_name     = "GetEpisodeUrl"
+          function_app_key = "GetEpisode"
+        }
       ]
     }
 
-    retrieve-mesh-file = {
-      name_suffix            = "retrieve-mesh-file"
+    RetrieveMeshFile = {
+      name_suffix            = "retrieve-mesh-file-from-cm"
       function_endpoint_name = "RetrieveMeshFile"
       app_service_plan_key   = "MeshIntegrationService"
     }
 
-    get-participant = {
+    GetParticipant = {
       name_suffix            = "get-participant"
       function_endpoint_name = "GetParticipant"
       app_service_plan_key   = "ParticipantManagementService"
     }
 
-    update-participant = {
+    UpdateParticipant = {
       name_suffix            = "update-participant"
       function_endpoint_name = "UpdateParticipant"
       app_service_plan_key   = "ParticipantManagementService"
     }
 
-    get-organisation-data = {
+    GetOrganisationData = {
       name_suffix            = "get-organisation-data"
       function_endpoint_name = "GetOrganisationData "
       app_service_plan_key   = "ReferenceDataService"
@@ -327,7 +327,7 @@ sqlserver = {
   # serins database
   dbs = {
     serins = {
-      db_name_suffix = "DToSDB"
+      db_name_suffix = "ServiceInsightsDB"
       collation      = "SQL_Latin1_General_CP1_CI_AS"
       licence_type   = "LicenseIncluded"
       max_gb         = 5

infrastructure/tf-core/function_app.tf

@@ -3,10 +3,13 @@ module "functionapp" {
 
   source = "../../../dtos-devops-templates/infrastructure/modules/function-app"
 
-  function_app_name   = "${module.regions_config[each.value.region_key].names.function-app}-${lower(each.value.function_config.name_suffix)}"
+  function_app_name   = "${module.regions_config[each.value.region_key].names.function-app}-si-${lower(each.value.function_config.name_suffix)}"
   resource_group_name = azurerm_resource_group.core[each.value.region_key].name
   location            = each.value.region_key
 
+  # to go in later
+  # log_analytics_workspace_id = data.terraform_remote_state.audit.outputs.log_analytics_workspace_id[local.primary_region].id
+
   app_settings = local.app_settings[each.value.region_key][each.value.function_key]
 
   public_network_access_enabled = var.features.public_network_access_enabled
@@ -91,12 +94,6 @@ locals {
           scope                = module.storage["fnapp-${region_key}"].storage_account_id
         }
       ],
-      [
-        for _, role_value in local.rbac_roles_storage : {
-          role_definition_name = role_value
-          scope                = module.storage["file_exceptions-${region_key}"].storage_account_id
-        }
-      ],
       [
         for _, role_value in local.rbac_roles_database : {
           role_definition_name = role_value
@@ -188,7 +185,7 @@ locals {
     } : null
   }
   #sqlsvr-serins-dev-uks.database.windows.net
-#Server=sqlsvr-serins-dev-uks.database.windows.net; Authentication=Active Directory Managed Identity; Database=DToSDB
+  #Server=sqlsvr-serins-dev-uks.database.windows.net; Authentication=Active Directory Managed Identity; Database=DToSDB
   # Create a map of the database connection strings for each function app that requires one
   env_vars_database_connection_strings = {
     for region_key, region_value in module.regions_config :

infrastructure/tf-core/locals.tf

@@ -0,0 +1,3 @@
+locals {
+  primary_region = [for k, v in var.regions : k if v.is_primary_region][0]
+}

infrastructure/tf-core/variables.tf

@@ -1,3 +1,29 @@
+# variable "AUDIT_BACKEND_AZURE_SUBSCRIPTION_ID" {
+#   description = "ID of the Azure Storage Account for the audit backend"
+#   type        = string
+# }
+variable "AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_NAME" {
+  description = "The name of the Azure Storage Account for the audit backend"
+  type        = string
+}
+variable "AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_CONTAINER_NAME" {
+  description = "The name of the container in the Audit Azure Storage Account for the backend"
+  type        = string
+}
+# variable "AUDIT_BACKEND_AZURE_STORAGE_KEY" {
+#   description = "The name of the Statefile for the audit  resources"
+#   type        = string
+# }
+variable "AUDIT_BACKEND_AZURE_RESOURCE_GROUP_NAME" {
+  description = "The name of the audit resource group for the Azure Storage Account"
+  type        = string
+}
+
+variable "AUDIT_BACKEND_AZURE_STORAGE_ACCOUNT_KEY" {
+  description = "The name of the audit resource group for the Azure Storage Account"
+  type        = string
+}
+
 variable "TARGET_SUBSCRIPTION_ID" {
   description = "ID of a subscription to deploy infrastructure"
   type        = string

scripts/database/permissions.sql

@@ -0,0 +1,59 @@
+CREATE USER [dev-uks-si-create-participant-screening-episode-data] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-participant-screening-episode-data];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-participant-screening-episode-data];
+
+CREATE USER [dev-uks-si-create-participant-screening-profile-data] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-participant-screening-profile-data];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-participant-screening-profile-data];
+
+CREATE USER [dev-uks-si-create-participant-screening-episode] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-participant-screening-episode];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-participant-screening-episode];
+
+CREATE USER [dev-uks-si-create-participant-screening-profile] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-participant-screening-profile];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-participant-screening-profile];
+
+CREATE USER [dev-uks-si-get-demographics-data] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-get-demographics-data];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-get-demographics-data];
+
+CREATE USER [dev-uks-si-create-episode] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-episode];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-episode];
+
+CREATE USER [dev-uks-si-get-episode] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-get-episode];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-get-episode];
+
+CREATE USER [dev-uks-si-update-episode] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-update-episode];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-update-episode];
+
+CREATE USER [dev-uks-si-receive-data] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-receive-data];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-receive-data];
+
+CREATE USER [dev-uks-si-create-update-episode] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-create-update-episode];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-create-update-episode];
+
+CREATE USER [dev-uks-si-get-episode-mgmt] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-get-episode-mgmt];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-get-episode-mgmt];
+
+CREATE USER [dev-uks-si-retrieve-mesh-file-from-cm] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-retrieve-mesh-file-from-cm];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-retrieve-mesh-file-from-cm];
+
+CREATE USER [dev-uks-si-get-participant] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-get-participant];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-get-participant];
+
+CREATE USER [dev-uks-si-update-participant] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-update-participant];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-update-participant];
+
+CREATE USER [dev-uks-si-get-organisation-data] FROM EXTERNAL PROVIDER;
+ALTER ROLE [db_datareader] ADD MEMBER [dev-uks-si-get-organisation-data];
+ALTER ROLE [db_datawriter] ADD MEMBER [dev-uks-si-get-organisation-data];

scripts/deployment/get-docker-names.sh

@@ -5,14 +5,13 @@ declare -A docker_functions_map=(
     ["BIAnalyticsDataService/CreateParticipantScreeningProfile"]="create-participant-screening-profile-data"
     ["BIAnalyticsService/CreateParticipantScreeningEpisode"]="create-participant-screening-episode"  # does not exist in the compose.yaml file
     ["BIAnalyticsService/CreateParticipantScreeningProfile"]="create-participant-screening-profile"  # does not exist in the compose.yaml file
-
-    ["BIAnalyticsService/CreateDataAssets"]="create-data-assets"
+    # ["BIAnalyticsService/CreateDataAssets"]="create-data-assets"
     ["DemographicsService/GetDemographicsData"]="get-demographics-data"  # does not exist in the compose.yaml file
     ["EpisodeDataService/GetEpisode"]="get-episode"
     ["EpisodeDataService/CreateEpisode"]="create-episode"
-    # ["EpisodeDataService/UpdateEpisode"]="update-episode"
+    ["EpisodeDataService/UpdateEpisode"]="update-episode"
     ["EpisodeIntegrationService/ReceiveData"]="receive-data"
-    #["EpisodeManagementService/CreateUpdateEpisode"]="create-update-episode"
+    ["EpisodeManagementService/CreateUpdateEpisode"]="create-update-episode"
     ["EpisodeManagementService/GetEpisode"]="get-episode-mgmt"
     ["MeshIntegrationService/RetrieveMeshFile"]="retrieve-mesh-file"
     ["ParticipantManagementService/GetParticipant"]="get-participant"

src/Shared/Common/delme

@@ -1,5 +0,0 @@
-
-
-
-
-