Feature/axkr1 nrl 1664 new perftest environment on v3.0.29

README.md

@@ -65,7 +65,7 @@ In order to do this, make sure you have AWS CLI installed and configured, then r
 make ENV=env truststore-pull-all
 ```
 
-Where `env` is one of `dev`, `qa` , `int`, `ref` or `prod`.
+Where `env` is one of `dev`, `qa` , `int`, `perftest`, `ref` or `prod`.
 
 ## Getting Started
 

scripts/truststore.sh

@@ -109,17 +109,22 @@ function _truststore_build_cert() {
 
 
 function _truststore_build_all() {
-    _truststore_build_ca "prod" "record-locator.national.nhs.uk"
-    _truststore_build_ca "int"  "record-locator.int.national.nhs.uk"
-    _truststore_build_ca "ref"  "record-locator.ref.national.nhs.uk"
-    _truststore_build_ca "qa"   "qa.record-locator.national.nhs.uk"
-    _truststore_build_ca "dev"  "record-locator.dev.national.nhs.uk"
-
-    _truststore_build_cert "prod" "prod" "api.record-locator.national.nhs.uk"
-    _truststore_build_cert "int"  "int"  "int.api.record-locator.int.national.nhs.uk"
-    _truststore_build_cert "ref"  "ref"  "ref.api.record-locator.ref.national.nhs.uk"
-    _truststore_build_cert "qa"   "qa"   "api.qa.record-locator.national.nhs.uk"
-    _truststore_build_cert "dev"  "dev"  "dev.api.record-locator.dev.national.nhs.uk"
+    _truststore_build_ca "prod"     "record-locator.national.nhs.uk_CA2"
+    _truststore_build_ca "int"      "record-locator.int.national.nhs.uk_CA2"
+    _truststore_build_ca "ref"      "record-locator.ref.national.nhs.uk_CA2"
+    _truststore_build_ca "perftest" "perftest.record-locator.national.nhs.uk_CA2"
+    _truststore_build_ca "qa"       "qa.record-locator.national.nhs.uk_CA2"
+    _truststore_build_ca "dev"      "record-locator.dev.national.nhs.uk_CA2"
+
+    _truststore_build_cert "prod"     "prod" "api.record-locator.national.nhs.uk"
+    _truststore_build_cert "int"      "int"  "int.api.record-locator.int.national.nhs.uk"
+    _truststore_build_cert "ref"      "ref"  "ref.api.record-locator.ref.national.nhs.uk"
+    _truststore_build_cert "perftest" "perftest"  "api.perftest.record-locator.national.nhs.uk"
+    _truststore_build_cert "qa"       "qa"   "api.qa.record-locator.national.nhs.uk"
+    _truststore_build_cert "dev"      "dev"  "dev.api.record-locator.dev.national.nhs.uk"
+
+    echo -e "✅ Successfully built all truststore files"
+    return 0
 }
 
 function _truststore_pull_ca() {

terraform/account-wide-infrastructure/mgmt/route53.tf

@@ -136,3 +136,16 @@ resource "aws_route53_record" "NEW_qa_zone_delegation" {
   ttl  = 300
   type = "NS"
 }
+
+resource "aws_route53_record" "perftest_zone_delegation" {
+  zone_id = aws_route53_zone.prod_zone.zone_id
+  name    = "perftest.record-locator.national.nhs.uk"
+  records = [
+    "ns-885.awsdns-46.net.",
+    "ns-1995.awsdns-57.co.uk.",
+    "ns-239.awsdns-29.com.",
+    "ns-1424.awsdns-50.org."
+  ]
+  ttl  = 300
+  type = "NS"
+}

terraform/account-wide-infrastructure/test/domain.tf

@@ -38,3 +38,12 @@ module "ref-custom-domain-name" {
   mtls_certificate_file         = "s3://${module.ref-truststore-bucket.bucket_name}/${module.ref-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.ref-truststore-bucket.certificates_object_version
 }
+
+module "perftest-custom-domain-name" {
+  source                        = "../modules/env-custom-domain-name"
+  domain_name                   = var.perftest_api_domain_name
+  domain_zone                   = aws_route53_zone.test-perftest-ns.name
+  mtls_certificate_file         = "s3://${module.perftest-truststore-bucket.bucket_name}/${module.perftest-truststore-bucket.certificates_object_key}"
+  mtls_certificate_file_version = module.perftest-truststore-bucket.certificates_object_version
+  depends_on                    = [aws_route53_zone.test-perftest-ns]
+}

terraform/account-wide-infrastructure/test/dynamodb__pointers-table.tf

@@ -30,3 +30,11 @@ module "ref-pointers-table" {
   enable_pitr                 = true
   kms_deletion_window_in_days = 30
 }
+
+module "perftest-pointers-table" {
+  source                      = "../modules/pointers-table"
+  name_prefix                 = "nhsd-nrlf--perftest"
+  enable_deletion_protection  = true
+  enable_pitr                 = true
+  kms_deletion_window_in_days = 30
+}

terraform/account-wide-infrastructure/test/route53.tf

@@ -17,3 +17,7 @@ resource "aws_route53_zone" "NEW_test-ref-ns" {
 resource "aws_route53_zone" "test-ref-ns" {
   name = "api.record-locator.ref.national.nhs.uk"
 }
+
+resource "aws_route53_zone" "test-perftest-ns" {
+  name = "perftest.record-locator.national.nhs.uk"
+}

terraform/account-wide-infrastructure/test/s3.tf

@@ -24,6 +24,11 @@ module "ref-permissions-store-bucket" {
   name_prefix = "nhsd-nrlf--ref"
 }
 
+module "perftest-permissions-store-bucket" {
+  source      = "../modules/permissions-store-bucket"
+  name_prefix = "nhsd-nrlf--perftest"
+}
+
 module "qa-truststore-bucket" {
   source                  = "../modules/truststore-bucket"
   name_prefix             = "nhsd-nrlf--qa"
@@ -53,3 +58,9 @@ module "ref-truststore-bucket" {
   name_prefix             = "nhsd-nrlf--ref"
   server_certificate_file = "../../../truststore/server/ref.pem"
 }
+
+module "perftest-truststore-bucket" {
+  source                  = "../modules/truststore-bucket"
+  name_prefix             = "nhsd-nrlf--perftest"
+  server_certificate_file = "../../../truststore/server/perftest.pem"
+}

terraform/account-wide-infrastructure/test/secrets.tf

@@ -17,6 +17,11 @@ resource "aws_secretsmanager_secret" "ref_smoke_test_apigee_app" {
   description = "APIGEE App used to run Smoke Tests against the REF environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_smoke_test_apigee_app" {
+  name        = "${local.prefix}--perftest--apigee-app--smoke-test"
+  description = "APIGEE App used to run Smoke Tests against the perftest environment"
+}
+
 resource "aws_secretsmanager_secret" "backup_destination_parameters" {
   name        = "${local.prefix}--backup-destination-parameters"
   description = "Parameters used to configure the backup destination"
@@ -50,6 +55,11 @@ resource "aws_secretsmanager_secret" "ref_smoke_test_parameters" {
   description = "Parameters used to run Smoke Tests against the ref environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_smoke_test_parameters" {
+  name        = "${local.project}--perftest--smoke-test-parameters"
+  description = "Parameters used to run Smoke Tests against the perftest environment"
+}
+
 
 #
 # Splunk Configuration secrets
@@ -107,6 +117,11 @@ resource "aws_secretsmanager_secret" "ref_environment_configuration" {
   description = "The environment configuration for the Ref environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_environment_configuration" {
+  name        = "${local.project}--perftest--env-config"
+  description = "The environment configuration for the Perftest environment"
+}
+
 #
 # PowerBI secrets
 #

terraform/account-wide-infrastructure/test/vars.tf

@@ -29,6 +29,11 @@ variable "ref_api_domain_name" {
   default     = "ref.api.record-locator.ref.national.nhs.uk"
 }
 
+variable "perftest_api_domain_name" {
+  description = "The internal DNS name of the API Gateway for the perftest environment"
+  default     = "api.perftest.record-locator.national.nhs.uk"
+}
+
 variable "enable_reporting" {
   type        = bool
   description = "Enable account-wide reporting processes in the test account"

terraform/infrastructure/README.md

@@ -8,16 +8,17 @@ Each developer/QA can create their own ephemeral instance of the NRLF infrastruc
 
 This project has a number of "persistent environments", similar to traditional dev, ref and prod environments. Each of these environments will typically contain multiple NRLF stacks, allowing for blue/green style deployment, and have shared storage infrastructure like DynamoDB tables and S3 buckets. The persistent environments are deployed as follows:
 
-| Environment  | TF Workspace  | TF Config         | AWS Account | Internal Domain                      | Public Domain                             |
-| ------------ | ------------- | ----------------- | ----------- | ------------------------------------ | ----------------------------------------- |
-| internal-dev | dev-N         | `etc/dev.tfvars`  | dev         | `record-locator.dev.national.nhs.uk` | `internal-dev.api.service.nhs.uk`         |
-| dev-sandbox  | dev-sandbox-N | `etc/dev.tfvars`  | dev         | `record-locator.dev.national.nhs.uk` | `internal-dev-sandbox.api.service.nhs.uk` |
-| internal-qa  | qa-N          | `etc/qa.tfvars`   | test        | `qa.record-locator.national.nhs.uk`  | `internal-qa.api.service.nhs.uk`          |
-| qa-sandbox   | qa-sandbox-N  | `etc/qa.tfvars`   | test        | `qa.record-locator.national.nhs.uk`  | `internal-qa-sandbox.api.service.nhs.uk`  |
-| int          | int-N         | `etc/int.tfvars`  | test        | `record-locator.int.national.nhs.uk` | `int.api.service.nhs.uk`                  |
-| sandbox      | int-sandbox-N | `etc/int.tfvars`  | test        | `record-locator.int.national.nhs.uk` | `sandbox.api.service.nhs.uk`              |
-| ref          | ref-N         | `etc/ref.tfvars`  | test        | `record-locator.ref.national.nhs.uk` | `ref.api.service.nhs.uk`                  |
-| prod         | prod-N        | `etc/prod.tfvars` | prod        | `record-locator.national.nhs.uk`     | `api.service.nhs.uk`                      |
+| Environment  | TF Workspace  | TF Config             | AWS Account | Internal Domain                           | Public Domain                             |
+| ------------ | ------------- | --------------------- | ----------- | ----------------------------------------- | ----------------------------------------- |
+| internal-dev | dev-N         | `etc/dev.tfvars`      | dev         | `record-locator.dev.national.nhs.uk`      | `internal-dev.api.service.nhs.uk`         |
+| dev-sandbox  | dev-sandbox-N | `etc/dev.tfvars`      | dev         | `record-locator.dev.national.nhs.uk`      | `internal-dev-sandbox.api.service.nhs.uk` |
+| internal-qa  | qa-N          | `etc/qa.tfvars`       | test        | `qa.record-locator.national.nhs.uk`       | `internal-qa.api.service.nhs.uk`          |
+| qa-sandbox   | qa-sandbox-N  | `etc/qa.tfvars`       | test        | `qa.record-locator.national.nhs.uk`       | `internal-qa-sandbox.api.service.nhs.uk`  |
+| int          | int-N         | `etc/int.tfvars`      | test        | `record-locator.int.national.nhs.uk`      | `int.api.service.nhs.uk`                  |
+| sandbox      | int-sandbox-N | `etc/int.tfvars`      | test        | `record-locator.int.national.nhs.uk`      | `sandbox.api.service.nhs.uk`              |
+| perftest     | perftest-N    | `etc/perftest.tfvars` | test        | `perftest.record-locator.national.nhs.uk` | `perftest.api.service.nhs.uk`             |
+| ref          | ref-N         | `etc/ref.tfvars`      | test        | `record-locator.ref.national.nhs.uk`      | `ref.api.service.nhs.uk`                  |
+| prod         | prod-N        | `etc/prod.tfvars`     | prod        | `record-locator.national.nhs.uk`          | `api.service.nhs.uk`                      |
 
 The `N` in the TF workspace name repesents the stack id in that environment. So, for example, the internal-dev environment might have two stacks, `dev-1` and `dev-2` with TF workspace names matching their stack names. All resources for the `dev-1` stack will be contained within the `dev-1` TF workspace.
 

terraform/infrastructure/etc/perftest.tfvars

@@ -0,0 +1,9 @@
+account_name     = "perftest"
+aws_account_name = "test"
+
+domain              = "api.perftest.record-locator.national.nhs.uk"
+deletion_protection = true
+
+public_domain        = "perftest.api.service.nhs.uk"
+log_retention_period = 30
+enable_reporting     = false