VED-26: Resolve Sonar warning. Add pre-deploy check for private subnets.

Author: mfjarvis

backend/src/models/utils/permission_checker.py

@@ -23,7 +23,7 @@ def _expand_permissions(permissions: list[str]) -> dict[str, list[ApiOperationCo
 def validate_permissions(permissions: list[str], operation: ApiOperationCode, vaccine_types: list[str]):
     expanded_permissions = _expand_permissions(permissions)
     print(f"operation: {operation}, expanded_permissions: {expanded_permissions}, vaccine_types: {vaccine_types}")
-    return all([
+    return all(
         operation in expanded_permissions.get(vaccine_type.lower(), [])
         for vaccine_type in vaccine_types
-    ])
+    )

terraform/variables.tf

@@ -38,6 +38,13 @@ locals {
   private_subnet_ids = [for k, v in data.aws_route.internet_traffic_route_by_subnet : k if length(v.nat_gateway_id) > 0]
 }
 
+check "private_subnets" {
+  assert {
+    condition     = length(local.private_subnet_ids) > 0
+    error_message = "No private subnets with internet access found in VPC ${data.aws_vpc.default.id}"
+  }
+}
+
 data "aws_vpc" "default" {
   default = true
 }