Merge branch 'main' into feature/CCM-12616_mesh_poll_retrieve

Author: simonlabarere

.github/actions/trivy-iac/action.yaml

@@ -8,7 +8,8 @@ runs:
       run: |
         components_exit_code=0
         modules_exit_code=0
-
+        asdf plugin add trivy || true
+        asdf install trivy || true
         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/components || components_exit_code=$?
         ./scripts/terraform/trivy-scan.sh --mode iac ./infrastructure/terraform/modules || modules_exit_code=$?
 

.github/actions/trivy-package/action.yaml

@@ -7,7 +7,8 @@ runs:
       shell: bash
       run: |
         exit_code=0
-
+        asdf plugin add trivy || true
+        asdf install trivy || true
         ./scripts/terraform/trivy-scan.sh --mode package . || exit_code=$?
 
         if [ $exit_code -ne 0 ]; then

.github/workflows/stage-1-commit.yaml

@@ -163,8 +163,6 @@ jobs:
         uses: actions/checkout@v4
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
       - name: "Trivy IaC Scan"
         uses: ./.github/actions/trivy-iac
   trivy-package:
@@ -179,8 +177,6 @@ jobs:
         uses: actions/checkout@v4
       - name: "Setup ASDF"
         uses: asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302
-      - name: "Perform Setup"
-        uses: ./.github/actions/setup
       - name: "Trivy Package Scan"
         uses: ./.github/actions/trivy-package
   count-lines-of-code:

infrastructure/terraform/components/dl/README.md

@@ -32,7 +32,7 @@ No requirements.
 | <a name="input_pdm_use_non_mock_token"></a> [pdm\_use\_non\_mock\_token](#input\_pdm\_use\_non\_mock\_token) | Whether to use the shared APIM access token from SSM (/component/environment/apim/access\_token) instead of the mock token | `bool` | `false` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_queue_batch_size"></a> [queue\_batch\_size](#input\_queue\_batch\_size) | maximum number of queue items to process | `number` | `10` | no |
-| <a name="input_queue_batch_window_seconds"></a> [queue\_batch\_window\_seconds](#input\_queue\_batch\_window\_seconds) | maximum time in seconds between processing events | `number` | `10` | no |
+| <a name="input_queue_batch_window_seconds"></a> [queue\_batch\_window\_seconds](#input\_queue\_batch\_window\_seconds) | maximum time in seconds between processing events | `number` | `1` | no |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
 | <a name="input_shared_infra_account_id"></a> [shared\_infra\_account\_id](#input\_shared\_infra\_account\_id) | The AWS Shared Infra Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_ttl_poll_schedule"></a> [ttl\_poll\_schedule](#input\_ttl\_poll\_schedule) | Schedule to poll for any overdue TTL records | `string` | `"rate(10 minutes)"` | no |
@@ -46,6 +46,7 @@ No requirements.
 | <a name="module_mesh_download"></a> [mesh\_download](#module\_mesh\_download) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_mesh_poll"></a> [mesh\_poll](#module\_mesh\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_pdm_mock"></a> [pdm\_mock](#module\_pdm\_mock) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
+| <a name="module_pdm_poll"></a> [pdm\_poll](#module\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_pdm_uploader"></a> [pdm\_uploader](#module\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.29/terraform-lambda.zip | n/a |
 | <a name="module_s3bucket_cf_logs"></a> [s3bucket\_cf\_logs](#module\_s3bucket\_cf\_logs) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_s3bucket_letters"></a> [s3bucket\_letters](#module\_s3bucket\_letters) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
@@ -54,6 +55,7 @@ No requirements.
 | <a name="module_s3bucket_static_assets"></a> [s3bucket\_static\_assets](#module\_s3bucket\_static\_assets) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-s3bucket.zip | n/a |
 | <a name="module_sqs_event_publisher_errors"></a> [sqs\_event\_publisher\_errors](#module\_sqs\_event\_publisher\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_mesh_download"></a> [sqs\_mesh\_download](#module\_sqs\_mesh\_download) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
+| <a name="module_sqs_pdm_poll"></a> [sqs\_pdm\_poll](#module\_sqs\_pdm\_poll) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_pdm_uploader"></a> [sqs\_pdm\_uploader](#module\_sqs\_pdm\_uploader) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_ttl"></a> [sqs\_ttl](#module\_sqs\_ttl) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |
 | <a name="module_sqs_ttl_handle_expiry_errors"></a> [sqs\_ttl\_handle\_expiry\_errors](#module\_sqs\_ttl\_handle\_expiry\_errors) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.24/terraform-sqs.zip | n/a |

infrastructure/terraform/components/dl/aws_api_gateway_deployment_pdm_mock.tf

@@ -16,7 +16,9 @@ resource "aws_api_gateway_deployment" "pdm_mock" {
       aws_api_gateway_resource.document_reference[0].id,
       aws_api_gateway_resource.document_reference_id[0].id,
       aws_api_gateway_method.create_document_reference[0].id,
+      aws_api_gateway_method.create_document_reference[0].authorization,
       aws_api_gateway_method.get_document_reference[0].id,
+      aws_api_gateway_method.get_document_reference[0].authorization,
       aws_api_gateway_integration.create_document_reference[0].id,
       aws_api_gateway_integration.get_document_reference[0].id,
     ]))

infrastructure/terraform/components/dl/aws_api_gateway_method_create_document_reference.tf

@@ -4,5 +4,5 @@ resource "aws_api_gateway_method" "create_document_reference" {
   rest_api_id   = aws_api_gateway_rest_api.pdm_mock[0].id
   resource_id   = aws_api_gateway_resource.document_reference[0].id
   http_method   = "POST"
-  authorization = "AWS_IAM"
+  authorization = "NONE"
 }

infrastructure/terraform/components/dl/aws_api_gateway_method_get_document_reference.tf

@@ -4,5 +4,5 @@ resource "aws_api_gateway_method" "get_document_reference" {
   rest_api_id   = aws_api_gateway_rest_api.pdm_mock[0].id
   resource_id   = aws_api_gateway_resource.document_reference_id[0].id
   http_method   = "GET"
-  authorization = "AWS_IAM"
+  authorization = "NONE"
 }

infrastructure/terraform/components/dl/cloudwatch_event_rule_pdm_resource_submitted.tf

@@ -0,0 +1,19 @@
+resource "aws_cloudwatch_event_rule" "pdm_resource_submitted" {
+  name           = "${local.csi}-pdm-resource-submitted"
+  description    = "PDM resource submitted event rule"
+  event_bus_name = aws_cloudwatch_event_bus.main.name
+
+  event_pattern = jsonencode({
+    "detail" : {
+      "type" : [
+        "uk.nhs.notify.digital.letters.pdm.resource.submitted.v1"
+      ]
+    }
+  })
+}
+
+resource "aws_cloudwatch_event_target" "pdm_resource_submitted_pdm_poll" {
+  rule           = aws_cloudwatch_event_rule.pdm_resource_submitted.name
+  arn            = module.sqs_pdm_poll.sqs_queue_arn
+  event_bus_name = aws_cloudwatch_event_bus.main.name
+}

infrastructure/terraform/components/dl/cloudwatch_event_rule_pdm_resource_unavailable.tf

@@ -0,0 +1,19 @@
+resource "aws_cloudwatch_event_rule" "pdm_resource_unavailable" {
+  name           = "${local.csi}-pdm-resource-unavailable"
+  description    = "PDM resource unavailable event rule"
+  event_bus_name = aws_cloudwatch_event_bus.main.name
+
+  event_pattern = jsonencode({
+    "detail" : {
+      "type" : [
+        "uk.nhs.notify.digital.letters.pdm.resource.unavailable.v1"
+      ]
+    }
+  })
+}
+
+resource "aws_cloudwatch_event_target" "pdm_resource_unavailable_pdm_poll" {
+  rule           = aws_cloudwatch_event_rule.pdm_resource_unavailable.name
+  arn            = module.sqs_pdm_poll.sqs_queue_arn
+  event_bus_name = aws_cloudwatch_event_bus.main.name
+}

infrastructure/terraform/components/dl/lambda_event_source_mapping_pdm_poll_lambda.tf

@@ -0,0 +1,10 @@
+resource "aws_lambda_event_source_mapping" "pdm_poll_lambda" {
+  event_source_arn                   = module.sqs_pdm_poll.sqs_queue_arn
+  function_name                      = module.pdm_poll.function_name
+  batch_size                         = var.queue_batch_size
+  maximum_batching_window_in_seconds = var.queue_batch_window_seconds
+
+  function_response_types = [
+    "ReportBatchItemFailures"
+  ]
+}