Merge pull request #561 from NHSDigital/release/2025-03-31

Release/2025 03 31

Author: jameslinnell

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2025-03-31
+- [PI-835] Clean up deployment policies
+- [PI-861] Remove SDS secret access
+- [PI-862] Update Support policy
+- [PI-863] Update Developer Role permissions
+
 ## 2025-03-26
 - [PI-407] Immutable Backups
 

README.md

@@ -544,3 +544,13 @@ To run the SBOM commands there are some make commands that currently handle this
 The project originally was designed to have a concept of an EPRv2. This did not work out but we have kept the remains of the EPR work in an archive folder located in the `root/archived_epr`. The EPR code was supposed to fit into the structure of our existing CPM model but it became apparent as requirements came through that this would not be possible. You will find in this folder `swagger/OAS spec`, `lambdas`, `ETL` and `tests`.
 
 This has been left in for future reference. The code would need to be transferred back into the root of the project, changing `src_old` back to `src` and merging into the existing `src` directory.
+
+### Secrets
+
+There are some secrets that we have left within CPM that were needed in order to make connections to LDAP and HSCN - if we were to delete them then the specific details we had obtained as CPM would be lost.
+We have left them in the code for potential future use, if you want to delete them and start afresh that is also fine - below are the secrets, they exist in each environment:
+
+"sds-hscn-endpoint"
+"ldap-host"
+"ldap-changelog-user"
+"ldap-changelog-password"

VERSION

@@ -1 +1 @@
-2025.03.26
+2025.03.31

changelog/2025-03-31.md

@@ -0,0 +1,4 @@
+- [PI-835] Clean up deployment policies
+- [PI-861] Remove SDS secret access
+- [PI-862] Update Support policy
+- [PI-863] Update Developer Role permissions

infrastructure/terraform/per_account/dev/parameters/main.tf

@@ -63,10 +63,6 @@ resource "aws_secretsmanager_secret" "apigee-app-client-info" {
   name = "${terraform.workspace}--apigee-app-client-info"
 }
 
-resource "aws_secretsmanager_secret" "apigee-sds-app-key" {
-  name = "${terraform.workspace}-apigee-sds-app-key"
-}
-
 resource "aws_secretsmanager_secret" "external-id" {
   name = "${terraform.workspace}-external-id"
 }

infrastructure/terraform/per_account/int/parameters/main.tf

@@ -39,6 +39,10 @@ resource "aws_secretsmanager_secret" "apigee-app-key" {
   name = "${terraform.workspace}-apigee-app-key"
 }
 
+resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
+  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
+}
+
 resource "aws_secretsmanager_secret" "sds-hscn-endpoint" {
   name = "${terraform.workspace}-sds-hscn-endpoint"
 }
@@ -54,13 +58,6 @@ resource "aws_secretsmanager_secret" "ldap-changelog-user" {
 resource "aws_secretsmanager_secret" "ldap-changelog-password" {
   name = "${terraform.workspace}-ldap-changelog-password"
 }
-resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
-  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
-}
-
-resource "aws_secretsmanager_secret" "apigee-sds-app-key" {
-  name = "${terraform.workspace}-apigee-sds-app-key"
-}
 
 resource "aws_secretsmanager_secret" "external-id" {
   name = "${terraform.workspace}-external-id"

infrastructure/terraform/per_account/prod/parameters/main.tf

@@ -39,6 +39,10 @@ resource "aws_secretsmanager_secret" "apigee-app-key" {
   name = "${terraform.workspace}-apigee-app-key"
 }
 
+resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
+  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
+}
+
 resource "aws_secretsmanager_secret" "sds-hscn-endpoint" {
   name = "${terraform.workspace}-sds-hscn-endpoint"
 }
@@ -55,14 +59,6 @@ resource "aws_secretsmanager_secret" "ldap-changelog-password" {
   name = "${terraform.workspace}-ldap-changelog-password"
 }
 
-resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
-  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
-}
-
-resource "aws_secretsmanager_secret" "apigee-sds-app-key" {
-  name = "${terraform.workspace}-apigee-sds-app-key"
-}
-
 resource "aws_secretsmanager_secret" "external-id" {
   name = "${terraform.workspace}-external-id"
 }

infrastructure/terraform/per_account/qa/parameters/main.tf

@@ -39,6 +39,10 @@ resource "aws_secretsmanager_secret" "apigee-app-key" {
   name = "${terraform.workspace}-apigee-app-key"
 }
 
+resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
+  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
+}
+
 resource "aws_secretsmanager_secret" "sds-hscn-endpoint" {
   name = "${terraform.workspace}-sds-hscn-endpoint"
 }
@@ -55,14 +59,6 @@ resource "aws_secretsmanager_secret" "ldap-changelog-password" {
   name = "${terraform.workspace}-ldap-changelog-password"
 }
 
-resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
-  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
-}
-
-resource "aws_secretsmanager_secret" "apigee-sds-app-key" {
-  name = "${terraform.workspace}-apigee-sds-app-key"
-}
-
 resource "aws_secretsmanager_secret" "external-id" {
   name = "${terraform.workspace}-external-id"
 }

infrastructure/terraform/per_account/ref/parameters/main.tf

@@ -39,6 +39,10 @@ resource "aws_secretsmanager_secret" "apigee-app-key" {
   name = "${terraform.workspace}-apigee-app-key"
 }
 
+resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
+  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
+}
+
 resource "aws_secretsmanager_secret" "sds-hscn-endpoint" {
   name = "${terraform.workspace}-sds-hscn-endpoint"
 }
@@ -55,18 +59,10 @@ resource "aws_secretsmanager_secret" "ldap-changelog-password" {
   name = "${terraform.workspace}-ldap-changelog-password"
 }
 
-resource "aws_secretsmanager_secret" "etl_notify_slack_webhook_url" {
-  name = "${terraform.workspace}--etl-notify-slack-webhook-url"
-}
-
 resource "aws_secretsmanager_secret" "apigee-app-client-info" {
   name = "${terraform.workspace}--apigee-app-client-info"
 }
 
-resource "aws_secretsmanager_secret" "apigee-sds-app-key" {
-  name = "${terraform.workspace}-apigee-sds-app-key"
-}
-
 resource "aws_secretsmanager_secret" "external-id" {
   name = "${terraform.workspace}-external-id"
 }

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "connecting-party-manager"
-version = "2025.03.26"
+version = "2025.03.31"
 description = "Repository for the Connecting Party Manager API and related services"
 authors = ["NHS England"]
 license = "LICENSE.md"