Add prod device sync related secrets to tf configs (#8323)

CDCgov · Dec 3, 2024 · a5afa4c · a5afa4c
1 parent 00c7e06
commit a5afa4c
Show file tree

Hide file tree

Showing 25 changed files with 150 additions and 7 deletions.
diff --git a/backend/src/main/resources/application.yaml b/backend/src/main/resources/application.yaml
@@ -159,6 +159,9 @@ simple-report:
   fhir-reporting-enabled: true
   support-escalation:
     enabled: false
+  production:
+    backend-url: ${SR_PROD_BACKEND_URL:http://localhost:8080}
+    devices-token: ${SR_PROD_DEVICES_TOKEN:sr-prod-devices-fake-token}
 twilio:
   messaging-service-sid: ${TWILIO_MESSAGING_SID}
 logging:

diff --git a/ops/demo/_data.tf b/ops/demo/_data.tf
@@ -182,3 +182,14 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
diff --git a/ops/demo/api.tf b/ops/demo/api.tf
@@ -53,6 +53,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev/_data.tf b/ops/dev/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev/api.tf b/ops/dev/api.tf
@@ -59,6 +59,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev2/_data.tf b/ops/dev2/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev2/api.tf b/ops/dev2/api.tf
@@ -60,6 +60,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev3/_data.tf b/ops/dev3/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev3/api.tf b/ops/dev3/api.tf
@@ -60,6 +60,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev4/_data.tf b/ops/dev4/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev4/api.tf b/ops/dev4/api.tf
@@ -60,6 +60,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev5/_data.tf b/ops/dev5/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev5/api.tf b/ops/dev5/api.tf
@@ -60,7 +60,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
-
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/dev6/_data.tf b/ops/dev6/_data.tf
@@ -235,3 +235,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/dev6/api.tf b/ops/dev6/api.tf
@@ -61,6 +61,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/pentest/_data.tf b/ops/pentest/_data.tf
@@ -216,3 +216,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
diff --git a/ops/pentest/api.tf b/ops/pentest/api.tf
@@ -60,6 +60,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/prod/_data.tf b/ops/prod/_data.tf
@@ -247,4 +247,14 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
 data "azurerm_key_vault_secret" "slack_hook_token" {
   name         = "slack-hook-token-prod"
   key_vault_id = data.azurerm_key_vault.global.id
-}
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
diff --git a/ops/prod/api.tf b/ops/prod/api.tf
@@ -65,7 +65,8 @@ module "simple_report_api" {
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
     SLACK_HOOK_TOKEN                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.slack_hook_token.id})"
-
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/stg/_data.tf b/ops/stg/_data.tf
@@ -243,3 +243,13 @@ data "azurerm_key_vault_secret" "report_stream_exception_callback_token" {
   name         = "report-stream-exception-callback-test"
   key_vault_id = data.azurerm_key_vault.global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
diff --git a/ops/stg/api.tf b/ops/stg/api.tf
@@ -64,7 +64,8 @@ module "simple_report_api" {
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
     AZ_REPORTING_QUEUE_CXN_STRING                 = data.azurerm_storage_account.app.primary_connection_string
     RS_QUEUE_CALLBACK_TOKEN                       = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.report_stream_exception_callback_token.id})"
-
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml

diff --git a/ops/test/_data.tf b/ops/test/_data.tf
@@ -239,4 +239,14 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
 data "azurerm_key_vault_secret" "slack_hook_token" {
   name         = "slack-hook-token-test"
   key_vault_id = data.azurerm_key_vault.sr_global.id
-}
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.sr_global.id
+}
diff --git a/ops/test/api.tf b/ops/test/api.tf
@@ -58,7 +58,8 @@ module "simple_report_api" {
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
     SLACK_HOOK_TOKEN                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.slack_hook_token.id})"
-
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default, can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows/overrides an identical declaration in application.yaml

diff --git a/ops/training/_data.tf b/ops/training/_data.tf
@@ -210,3 +210,13 @@ data "azurerm_key_vault_secret" "datahub_signing_key" {
   name         = "datahub-signing-key-test"
   key_vault_id = data.azurerm_key_vault.global.id
 }
+
+data "azurerm_key_vault_secret" "simple_report_prod_backend_url" {
+  name         = "simple-report-prod-backend-url"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
+
+data "azurerm_key_vault_secret" "simple_report_prod_devices_token" {
+  name         = "simple-report-prod-devices-token"
+  key_vault_id = data.azurerm_key_vault.global.id
+}
diff --git a/ops/training/api.tf b/ops/training/api.tf
@@ -55,7 +55,8 @@ module "simple_report_api" {
     DATAHUB_API_KEY                               = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_api_key.id})"
     DATAHUB_FHIR_KEY                              = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_fhir_key.id})"
     DATAHUB_SIGNING_KEY                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.datahub_signing_key.id})"
-
+    SR_PROD_BACKEND_URL                           = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_backend_url.id})"
+    SR_PROD_DEVICES_TOKEN                         = "@Microsoft.KeyVault(SecretUri=${data.azurerm_key_vault_secret.simple_report_prod_devices_token.id})"
     # true by default: can be disabled quickly here
     # SPRING_LIQUIBASE_ENABLED                       = "true"
     # this shadows (and overrides) an identical declaration in application.yaml