Merge branch 'DBTP-879--fix-alb-cert-bug' of github.com:uktrade/terra…

…form-platform-modules into DBTP-879--fix-alb-cert-bug

README.md

@@ -99,7 +99,7 @@ This will provision a CloudWatch Compute Dashboard and Application Insights for
 Example usage in `extensions.yml`...
 
 ```yaml
-demodjango-tf-monitoring:
+demodjango-monitoring:
   type: monitoring
   environments:
     "*":
@@ -108,3 +108,43 @@ demodjango-tf-monitoring:
       enable_ops_center: true
 ```
 
+## Using our `demodjango` application for testing
+
+Note: We are currently treating the `terraform-deployment` branch as our `main` branch for this work.
+
+- Terraform
+  - Edit the `environment` and `vpc_name` under `module.extensions-tf` in `terraform/demodjango.tf`
+  - `cd terraform`
+  - Create or select a Terraform workspace for your environment `terraform workspace new|select <environment>`
+  - `terraform apply`
+- AWS Copilot
+  - `cd ..`
+    - Make any required changes to have valid AWS Copilot configuration for your environment
+      - Copy the VPC IDs, Subnet IDs and certificate ARN from the AWS Console to your environment manifest
+      - Set the alias and copy the Application Load Balancer ARN from the AWS console to the `http` section for your environment in `copilot/web/manifest.yml`
+      ```
+      <environment>:
+        http:
+          alb: arn:aws:elasticloadbalancing:eu-west-2:852676506468:loadbalancer/app/demodjango-willg/bc968fa0a4fcd257
+          alias: internal.willg.demodjango.uktrade.digital
+      ```
+  - Add the `DJANGO_SECRET_KEY` secret for you environment `copilot secret init --name DJANGO_SECRET_KEY --values <environment>='<something_random>'`
+  - Deploy environment
+    - `copilot app init demodjango`
+    - `copilot env init --name <environment> --profile $AWS_PROFILE --default-config`
+    - `copilot env deploy --name <environment>`
+  - Deploy the web service with bootstrap image
+    - Set the `web` service to use the `copilot-bootstrap` image for now
+    - `copilot svc init --name web`
+    - `IMAGE_TAG=tag-latest copilot svc deploy --name web --env <environment>`
+    - Test it loads OK
+    - Swap to the proper image in the `web` manifest
+    - `IMAGE_TAG=tag-latest copilot svc deploy --name web --env <environment>`
+    - Test it loads OK, Celery checks will still fail for now
+  - Deploy Celery services
+    - `copilot svc init --name celery-worker`
+    - `IMAGE_TAG=tag-latest copilot svc deploy --name celery-worker --env <environment>`
+    - Skip next two, need to pull in the Celery Beat stuff from `main`...
+      - `copilot svc init --name celery-beat`
+      - `IMAGE_TAG=tag-latest copilot svc deploy --name celery-beat --env <environment>`
+    - Test the web service loads OK, including Celery checks

monitoring/locals.tf

@@ -1,2 +1,9 @@
 locals {
+  tags = {
+    application         = var.application
+    environment         = var.environment
+    managed-by          = "DBT Platform - Terraform"
+    copilot-application = var.application
+    copilot-environment = var.environment
+  }
 }

monitoring/main.tf

@@ -81,11 +81,11 @@ resource "aws_resourcegroups_group" "application-insights-resources" {
       ResourceTypeFilters = ["AWS::AllSupported"]
       TagFilters = [
         {
-          Key    = "copilot-application",
+          Key    = "copilot-application"
           Values = [var.application]
         },
         {
-          Key    = "copilot-environment",
+          Key    = "copilot-environment"
           Values = [var.environment]
         }
       ]

monitoring/tests/monitoring.tftest.hcl

@@ -1,3 +1,5 @@
+mock_provider "aws" {}
+
 variables {
   vpc_name    = "test-vpc"
   application = "test-application"
@@ -7,22 +9,117 @@ variables {
   }
 }
 
+# Compute dashboard
 run "test_compute_dashboard_is_created" {
   command = plan
 
-  variables {
-    application = "my_app"
-    environment = "my_env"
-    vpc_name    = "terraform-tests-vpc"
+  assert {
+    condition     = aws_cloudwatch_dashboard.compute.dashboard_name == "test-application-test-environment-compute"
+    error_message = "dashboard_name is incorrect"
+  }
+
+  # Test widgets are created
+  # Not checking the whole queries as we would just have to replicate the code from the manifest, which would not add much value, so we're just going to check that the expected widgets exist.
+  assert {
+    condition     = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[0].properties.title == "All Fargate Tasks Configuration and Consumption Details (CPU and Memory)"
+    error_message = "Configuration and Consumption Details (CPU and Memory) widget is not created"
+  }
+
+  assert {
+    condition     = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[1].properties.title == "Top 10 Fargate Tasks with Optimization Opportunities (CPU)"
+    error_message = "Optimization Opportunities (CPU) widget is not created"
+  }
+
+  assert {
+    condition     = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[2].properties.title == "Top 10 Fargate Tasks with Optimization Opportunities (Memory)"
+    error_message = "Optimization Opportunities (Memory) widget is not created"
+  }
 
+  assert {
+    condition     = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[3].properties.title == "CPU Reserved Vs Avg Usage (All Fargate Tasks)"
+    error_message = "CPU Reserved Vs Avg Usage widget is not created"
+  }
+
+  assert {
+    condition     = jsondecode(aws_cloudwatch_dashboard.compute.dashboard_body).widgets[4].properties.title == "Memory Reserved Vs Avg Usage (All Fargate Tasks)"
+    error_message = "Memory Reserved Vs Avg Usage widget is not created"
+  }
+}
+
+# Application insights
+run "test_application_insights_resource_group_is_created" {
+  command = plan
+
+  assert {
+    condition     = aws_resourcegroups_group.application-insights-resources.name == "test-application-test-environment-application-insights-resources"
+    error_message = "name is incorrect"
+  }
+
+  assert {
+    condition     = aws_resourcegroups_group.application-insights-resources.resource_query[0].type == "TAG_FILTERS_1_0"
+    error_message = "resource_query type is incorrect"
+  }
+
+  assert {
+    condition = jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).ResourceTypeFilters == [
+      "AWS::AllSupported"
+    ]
+    error_message = "ResourceTypeFilters is incorrect"
+  }
+
+  assert {
+    condition = contains(
+      jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).TagFilters,
+      {
+        Key    = "copilot-application"
+        Values = ["test-application"]
+      }
+    )
+    error_message = "Application TagFilter is incorrect"
+  }
+
+  assert {
+    condition = contains(
+      jsondecode(aws_resourcegroups_group.application-insights-resources.resource_query[0].query).TagFilters,
+      {
+        Key    = "copilot-environment"
+        Values = ["test-environment"]
+      }
+    )
+    error_message = "Environment TagFilter is incorrect"
+  }
+}
+
+run "test_application_insights_application_is_created" {
+  command = plan
+
+  assert {
+    condition     = aws_applicationinsights_application.application-insights.resource_group_name == "test-application-test-environment-application-insights-resources"
+    error_message = "resource_group_name is incorrect"
+  }
+
+  assert {
+    condition     = aws_applicationinsights_application.application-insights.auto_config_enabled == true
+    error_message = "auto_config_enabled should be true"
+  }
+
+  assert {
+    condition     = aws_applicationinsights_application.application-insights.ops_center_enabled == true
+    error_message = "ops_center_enabled should be true"
+  }
+}
+
+run "test_application_insights_application_can_be_created_with_ops_center_disabled" {
+  command = plan
+
+  variables {
     config = {
       enable_ops_center = false
     }
   }
 
-  # Compute Dashboard
   assert {
-    condition     = aws_cloudwatch_dashboard.compute.dashboard_name == "my_app-my_env-compute"
-    error_message = "dashboard_name is incorrect"
+    condition     = aws_applicationinsights_application.application-insights.ops_center_enabled == false
+    error_message = "ops_center_enabled should be false"
   }
 }