Merge remote-tracking branch 'origin/main' into develop

silinternational · Feb 12, 2024 · f8302c7 · f8302c7
2 parents d617630 + 8af802d
commit f8302c7
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 11 deletions.
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
@@ -141,6 +141,7 @@ services:
       IDP_NAME: development
       COMPOSER_ALLOW_SUPERUSER: 1
       COMPOSER_CACHE_DIR: /composer
+      ALERTS_EMAIL_ENABLED: "false"
       EMAIL_SERVICE_accessToken: abc123
       EMAIL_SERVICE_assertValidIp: "false"
       EMAIL_SERVICE_baseUrl: http://email

diff --git a/terraform/041-id-broker-search-lambda/README.md b/terraform/041-id-broker-search-lambda/README.md
@@ -20,7 +20,7 @@ This module is used to create a lambda function for calling id-broker's search a
 
  - `app_name` - Default: `idp-id-broker-search`
  - `function_name` - Default: `idp-id-broker-search`
- - `lambda_runtime` - AWS Lambda runtime environment, default: `provided.al2`
+ - `lambda_runtime` - AWS Lambda runtime environment, either `provided.al2` or `go1.x`. `go1.x` is deprecated but remains the default for backward compatibility
  - `memory_size` - Default: `128`
  - `timeout` - Default: `5`
  - `function_zip_name` - Key to file in S3 for function zip file, Default: `idp-id-broker-search.zip`

diff --git a/terraform/041-id-broker-search-lambda/vars.tf b/terraform/041-id-broker-search-lambda/vars.tf
@@ -23,16 +23,16 @@ variable "function_zip_name" {
 }
 
 variable "function_name" {
-  default = "bootstrap"
+  default = "idp-id-broker-search"
 }
 
 variable "idp_name" {
   type = string
 }
 
 variable "lambda_runtime" {
-  description = "AWS Lambda runtime environment"
-  default     = "provided.al2"
+  description = "AWS Lambda runtime environment, either `provided.al2` or `go1.x`. `go1.x` is deprecated"
+  default     = "go1.x"
   type        = string
 }
 

diff --git a/terraform/050-pw-manager/README.md b/terraform/050-pw-manager/README.md
@@ -13,7 +13,6 @@ The password manager UI can be deployed using the [silinternatonal/pages/cloudfl
 
  - `alb_dns_name` - DNS name for application load balancer
  - `alb_https_listener_arn` - ARN for ALB HTTPS listener
- - `alerts_email` - Email address to send alerts/notifications to
  - `api_subdomain` - Subdomain for pw manager api
  - `app_env` - Application environment
  - `app_name` - Application name
@@ -59,13 +58,15 @@ The password manager UI can be deployed using the [silinternatonal/pages/cloudfl
 
 ## Optional Inputs
 
- - `code_length` - Number of digits in reset code. Default: `6`
+ - `alerts_email` - Email address to send alerts/notifications. Must be specified if `alerts_email_enabled` is `"true"`. Default: `""`
+ - `alerts_email_enabled` - Enable or disabled alert notification emails. Default: `"true"`
+ - `code_length` - Number of digits in reset code. Default: `"6"`
  - `create_dns_record` - Controls creation of a DNS CNAME record for the ECS service. Default: `true`
  - `extra_hosts` - Extra hosts for the API task definition, e.g. "\["hostname":"host.example.com","ipAddress":"192.168.1.1"\]"
- - `password_rule_enablehibp` - Enable haveibeenpwned.com password check. Default: `true`
- - `password_rule_maxlength` - Maximum password length. Default: `255`
- - `password_rule_minlength` - Minimum password length. Default: `10`
- - `password_rule_minscore` - Minimum password score. Default: `3`
+ - `password_rule_enablehibp` - Enable haveibeenpwned.com password check. Default: `"true"`
+ - `password_rule_maxlength` - Maximum password length. Default: `"255"`
+ - `password_rule_minlength` - Minimum password length. Default: `"10"`
+ - `password_rule_minscore` - Minimum password score. Default: `"3"`
  - `sentry_dsn` - Sentry DSN for error logging and alerting. Obtain from Sentry dashboard: Settings - Projects - (project) - Client Keys
  - `support_feedback` - Email address for end user feedback, displayed on PW UI.
  - `support_phone` - Phone number for end user support, displayed on PW UI.

diff --git a/terraform/050-pw-manager/main-api.tf b/terraform/050-pw-manager/main-api.tf
@@ -61,6 +61,7 @@ locals {
   task_def = templatefile("${path.module}/task-definition-api.json", {
     access_token_hash                   = random_id.access_token_hash.hex
     alerts_email                        = var.alerts_email
+    alerts_email_enabled                = var.alerts_email_enabled
     app_env                             = var.app_env
     app_name                            = var.app_name
     aws_region                          = var.aws_region

diff --git a/terraform/050-pw-manager/task-definition-api.json b/terraform/050-pw-manager/task-definition-api.json
@@ -29,6 +29,10 @@
         "name": "ALERTS_EMAIL",
         "value": "${alerts_email}"
       },
+      {
+        "name": "ALERTS_EMAIL_ENABLED",
+        "value": "${alerts_email_enabled}"
+      },
       {
         "name": "APP_ENV",
         "value": "${app_env}"

diff --git a/terraform/050-pw-manager/vars.tf b/terraform/050-pw-manager/vars.tf
@@ -7,11 +7,17 @@ variable "alb_https_listener_arn" {
 }
 
 variable "alerts_email" {
-  description = "Email to which to send error alerts. Omit to disable email alerts."
+  description = "Email to which to send error alerts"
   type        = string
   default     = ""
 }
 
+variable "alerts_email_enabled" {
+  description = "Set to true to disable email alerts. Must be a string for insertion into task definition."
+  type        = string
+  default     = "true"
+}
+
 variable "api_subdomain" {
   type = string
 }