ooni · DecFox · May 17, 2024 · May 18, 2024 · May 18, 2024 · May 18, 2024
diff --git a/.github/workflows/check_terraform.yml b/.github/workflows/check_terraform.yml
@@ -41,7 +41,7 @@ jobs:
 
           [oonidevops_user_dev]
           aws_access_key_id = ${{ secrets.OONIDEVOPS_AWS_ACCESS_KEY_ID }}
-          aws_secret_access_key = ${{ secrets.OONIDEVOPS_AWS_SECRET_ACCESS_KEY }}
+          aws_secret_access_key = ${{ secrets.OONIDEVOPS_AWS_SECRET_ACCESS_KEY }} 
           EOF
           chmod 700 ~/.aws/
           chmod 600 ~/.aws/credentials
@@ -94,6 +94,7 @@ jobs:
           script: |
             const terraformPlanOutput = `${{ steps.plan.outputs.terraform_plan }}`;
             const terraformApplyOutput = `${{ steps.apply.outputs.terraform_apply }}`;
+            const terraformValidateOutput = `${{ steps.validate.outputs.terraform_validate }}`;
 
             const terraformPlanPlanLine = terraformPlanOutput.split('\n').find(line => line.startsWith('Plan:'));
             const terraformApplyPlanLine = terraformApplyOutput.split('\n').find(line => line.startsWith('Plan:'));
@@ -107,7 +108,7 @@ jobs:
             <details><summary>Validation Output</summary>
 
             \`\`\`\n
-            ${{ steps.validate.outputs.terraform_validate }}
+            ${terraformValidateOutput}
             \`\`\`
 
             </details>

diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf
@@ -293,7 +293,7 @@ module "ooni_backendproxy" {
   backend_url        = "https://backend-hel.ooni.org/"
   wcth_addresses     = module.ooni_th_droplet.droplet_ipv4_address
   wcth_domain_suffix = "th.dev.ooni.io"
-  clickhouse_url     = "backend-fsn.ooni.org"
+  clickhouse_url     = "backend-hel.ooni.org"
   clickhouse_port    = "9000"
 
   tags = merge(
@@ -379,6 +379,55 @@ module "ooniapi_ooniprobe" {
   )
 }
 
+#### OONI Measurements service
+
+module "ooniapi_oonimeasurements_deployer" {
+  source = "../../modules/ooniapi_service_deployer"
+
+  service_name            = "oonimeasurements"
+  repo                    = "ooni/backend"
+  branch_name             = "master"
+  buildspec_path          = "ooniapi/services/oonimeasurements/buildspec.yml"
+  codestar_connection_arn = aws_codestarconnections_connection.oonidevops.arn
+
+  codepipeline_bucket = aws_s3_bucket.ooniapi_codepipeline_bucket.bucket
+
+  ecs_service_name = module.ooniapi_oonimeasurements.ecs_service_name
+  ecs_cluster_name = module.ooniapi_cluster.cluster_name
+}
+
+module "ooniapi_oonimeasurements" {
+  source = "../../modules/ooniapi_service"
+
+  vpc_id             = module.network.vpc_id
+  public_subnet_ids  = module.network.vpc_subnet_public[*].id
+  private_subnet_ids = module.network.vpc_subnet_private[*].id
+
+  service_name             = "oonimeasurements"
+  default_docker_image_url = "ooni/api-oonimeasurements:latest"
+  stage                    = local.environment
+  dns_zone_ooni_io         = local.dns_zone_ooni_io
+  key_name                 = module.adm_iam_roles.oonidevops_key_name
+  ecs_cluster_id           = module.ooniapi_cluster.cluster_id
+
+  task_secrets = {
+    JWT_ENCRYPTION_KEY          = aws_secretsmanager_secret_version.jwt_secret.arn
+    PROMETHEUS_METRICS_PASSWORD = aws_secretsmanager_secret_version.prometheus_metrics_password.arn
+  }
+
+  task_environment = {
+    CLICKHOUSE_URL = "backend-hel.ooni.org"
+  }
+
+  ooniapi_service_security_groups = [
+    module.ooniapi_cluster.web_security_group_id
+  ]
+
+  tags = merge(
+    local.tags,
+    { Name = "ooni-tier0-oonimeasurements" }
+  )
+}
 
 #### OONI Run service
 
@@ -564,6 +613,7 @@ module "ooniapi_frontend" {
   ooniapi_ooniauth_target_group_arn     = module.ooniapi_ooniauth.alb_target_group_id
   ooniapi_ooniprobe_target_group_arn    = module.ooniapi_ooniprobe.alb_target_group_id
   ooniapi_oonifindings_target_group_arn = module.ooniapi_oonifindings.alb_target_group_id
+  ooniapi_oonimeasurements_target_group_arn = module.ooniapi_oonimeasurements.alb_target_group_id
 
   ooniapi_service_security_groups = [
     module.ooniapi_cluster.web_security_group_id

diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf
@@ -200,4 +200,42 @@ resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule_host" {
       values = ["oonifindings.${local.direct_domain_suffix}"]
     }
   }
-}
+}
+
+resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule" {
+  listener_arn = aws_alb_listener.ooniapi_listener_https.arn
+  priority     = 140
+
+  action {
+    type             = "forward"
+    target_group_arn = var.ooniapi_oonimeasurements_target_group_arn
+  }
+
+  condition {
+    path_pattern {
+      values = [
+        "/api/v1/measurements/*",
+        "/api/v1/raw_measurement",
+        "/api/v1/measurement_meta",
+        "/api/v1/measurements",
+        "/api/v1/torsf_stats",
+        "/api/v1/aggregation"
+      ]
+    }
+  }
+}
+
+resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule_host" {
+  listener_arn = aws_alb_listener.ooniapi_listener_https.arn
+  priority     = 141
+
+  action {
+    type             = "forward"
+    target_group_arn = var.ooniapi_oonimeasurements_target_group_arn
+  }
+  condition {
+    host_header {
+      values = ["oonimeasurements.${local.direct_domain_suffix}"]
+    }
+  }
+}
diff --git a/tf/modules/ooniapi_frontend/variables.tf b/tf/modules/ooniapi_frontend/variables.tf
@@ -32,6 +32,10 @@ variable "ooniapi_oonifindings_target_group_arn" {
   description = "arn for the target group of the oonifindings service"
 }
 
+variable "ooniapi_oonimeasurements_target_group_arn" {
+  description = "arn for the target group of the oonimeasurements service"
+}
+
 variable "dns_zone_ooni_io" {
   description = "id of the DNS zone for ooni_io"
 }