Merge branch 'main' of https://github.com/NHSDigital/nhs-notify-web-template-management into feature/CCM-10048_flakey-tests

Author: bhansell1

frontend/src/__tests__/utils/markdownit/__snapshots__/index.test.tsx.snap

@@ -12,7 +12,7 @@ exports[`renderEmailMarkdown should only process email markdown rules 1`] = `
 <li>ordered list item 1</li>
 <li>ordered list item 2</li>
 </ol>
-<p><a href="https://www.nhs.uk/example">Read more</a></p>
+<p><a href="https://www.nhs.uk/example" target="_blank" rel="noopener noreferrer">Read more</a></p>
 <p>https://www.nhs.uk/example</p>
 <p>Before page break</p>
 <hr>
@@ -38,7 +38,7 @@ exports[`renderNHSAppMarkdown should only process nhs app markdown rules 1`] = `
 <li>ordered list item 1</li>
 <li>ordered list item 2</li>
 </ol>
-<p><a href="https://www.nhs.uk/example">Read more</a></p>
+<p><a href="https://www.nhs.uk/example" target="_blank" rel="noopener noreferrer">Read more</a></p>
 <p>https://www.nhs.uk/example</p>
 <p>Before page break
 ***

frontend/src/utils/markdownit/index.ts

@@ -4,6 +4,13 @@ import { lineBreak } from './plugins/line-break';
 export class MarkdownItWrapper extends MarkdownIt {
   constructor() {
     super('zero');
+
+    // rendered links should open in a new tab
+    this.renderer.rules.link_open = (tokens, idx) => {
+      const href = tokens[idx].attrGet('href');
+
+      return `<a href="${href}" target="_blank" rel="noopener noreferrer">`;
+    };
   }
 
   /**

infrastructure/terraform/bin/terraform.sh

@@ -403,7 +403,7 @@ readonly component_name=$(basename ${component_path});
 # verify terraform version matches .tool-versions
 echo ${PWD}
 tool_version=$(grep "terraform " .tool-versions | cut -d ' ' -f 2)
-asdf plugin-add terraform && asdf install terraform "${tool_version}"
+asdf plugin add terraform && asdf install terraform "${tool_version}"
 current_version=$(terraform --version | head -n 1 | cut -d 'v' -f 2)
 
 if [ -z "${current_version}" ] || [ "${current_version}" != "${tool_version}" ]; then

infrastructure/terraform/components/acct/module_sandbox_kms.tf

@@ -54,4 +54,35 @@ data "aws_iam_policy_document" "kms" {
       ]
     }
   }
+
+  statement {
+    sid    = "AllowLogDeliveryEncrypt"
+    effect = "Allow"
+
+    principals {
+      type = "Service"
+
+      identifiers = [
+        "delivery.logs.amazonaws.com"
+      ]
+    }
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey*",
+    ]
+
+    resources = [
+      "*",
+    ]
+
+    condition {
+      test     = "StringLike"
+      variable = "kms:EncryptionContext:SourceArn"
+
+      values = [
+        "arn:aws:logs:${var.region}:${var.aws_account_id}:*",
+      ]
+    }
+  }
 }

infrastructure/terraform/components/app/README.md

@@ -17,7 +17,7 @@
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_aws_principal_org_id"></a> [aws\_principal\_org\_id](#input\_aws\_principal\_org\_id) | The AWS Org ID (numeric) | `string` | n/a | yes |
 | <a name="input_backup_report_recipient"></a> [backup\_report\_recipient](#input\_backup\_report\_recipient) | Primary recipient of the Backup reports | `string` | `""` | no |
-| <a name="input_backup_schedule_cron"></a> [backup\_schedule\_cron](#input\_backup\_schedule\_cron) | Defines the backup schedule in AWS Cron Expression format | `string` | `"cron(0 0/6 * * ? *)"` | no |
+| <a name="input_backup_schedule_cron"></a> [backup\_schedule\_cron](#input\_backup\_schedule\_cron) | Defines the backup schedule in AWS Cron Expression format | `string` | `"cron(0 2 * * ? *)"` | no |
 | <a name="input_branch_name"></a> [branch\_name](#input\_branch\_name) | The branch name to deploy | `string` | `"main"` | no |
 | <a name="input_cognito_user_pool_additional_callback_urls"></a> [cognito\_user\_pool\_additional\_callback\_urls](#input\_cognito\_user\_pool\_additional\_callback\_urls) | A list of additional callback\_urls for the cognito user pool | `list(string)` | `[]` | no |
 | <a name="input_commit_id"></a> [commit\_id](#input\_commit\_id) | The commit to deploy. Must be in the tree for branch\_name | `string` | `"HEAD"` | no |
@@ -50,11 +50,11 @@
 |------|--------|---------|
 | <a name="module_amplify_branch"></a> [amplify\_branch](#module\_amplify\_branch) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/amp_branch | v1.0.0 |
 | <a name="module_backend_api"></a> [backend\_api](#module\_backend\_api) | ../../modules/backend-api | n/a |
-| <a name="module_download_authorizer_lambda"></a> [download\_authorizer\_lambda](#module\_download\_authorizer\_lambda) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.2 |
+| <a name="module_download_authorizer_lambda"></a> [download\_authorizer\_lambda](#module\_download\_authorizer\_lambda) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda | v2.0.13 |
 | <a name="module_eventpub"></a> [eventpub](#module\_eventpub) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/eventpub | v1.0.13 |
 | <a name="module_kms"></a> [kms](#module\_kms) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms | v1.0.8 |
 | <a name="module_kms_us_east_1"></a> [kms\_us\_east\_1](#module\_kms\_us\_east\_1) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/kms | v1.0.8 |
-| <a name="module_nhse_backup_vault"></a> [nhse\_backup\_vault](#module\_nhse\_backup\_vault) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/aws-backup-source | v1.0.8 |
+| <a name="module_nhse_backup_vault"></a> [nhse\_backup\_vault](#module\_nhse\_backup\_vault) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/aws-backup-source | v2.0.12 |
 | <a name="module_s3bucket_cf_logs"></a> [s3bucket\_cf\_logs](#module\_s3bucket\_cf\_logs) | git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket | v2.0.2 |
 ## Outputs
 

infrastructure/terraform/components/app/module_download_authorizer_lambda.tf

@@ -1,5 +1,5 @@
 module "download_authorizer_lambda" {
-  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda?ref=v2.0.2"
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/lambda?ref=v2.0.13"
 
   providers = {
     aws = aws.us-east-1

infrastructure/terraform/components/app/module_kms.tf

@@ -75,4 +75,35 @@ data "aws_iam_policy_document" "kms" {
       ]
     }
   }
+
+  statement {
+    sid    = "AllowLogDeliveryEncrypt"
+    effect = "Allow"
+
+    principals {
+      type = "Service"
+
+      identifiers = [
+        "delivery.logs.amazonaws.com"
+      ]
+    }
+
+    actions = [
+      "kms:Decrypt",
+      "kms:GenerateDataKey*",
+    ]
+
+    resources = [
+      "*",
+    ]
+
+    condition {
+      test     = "StringLike"
+      variable = "kms:EncryptionContext:SourceArn"
+
+      values = [
+        "arn:aws:logs:${var.region}:${var.aws_account_id}:*",
+      ]
+    }
+  }
 }

infrastructure/terraform/components/app/module_nhse_backup_vault.tf

@@ -1,10 +1,11 @@
 module "nhse_backup_vault" {
-  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/aws-backup-source?ref=v1.0.8"
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/aws-backup-source?ref=v2.0.12"
   count  = var.destination_vault_arn != null ? 1 : 0
 
-  component                    = var.component
-  environment                  = var.environment
-  project                      = var.project
+  component   = var.component
+  environment = var.environment
+  project     = var.project
+
   backup_copy_vault_account_id = data.aws_arn.destination_vault_arn[0].account
   backup_copy_vault_arn        = data.aws_arn.destination_vault_arn[0].arn
 

infrastructure/terraform/components/app/variables.tf

@@ -139,7 +139,7 @@ variable "destination_vault_arn" {
 variable "backup_schedule_cron" {
   type        = string
   description = "Defines the backup schedule in AWS Cron Expression format"
-  default     = "cron(0 0/6 * * ? *)"
+  default     = "cron(0 2 * * ? *)"
 }
 
 variable "retention_period" {

infrastructure/terraform/components/sandbox/module_backend_api.tf

@@ -21,9 +21,10 @@ module "backend_api" {
   letter_suppliers = var.letter_suppliers
 
   kms_key_arn          = data.aws_kms_key.sandbox.arn
-  dynamodb_kms_key_arn = data.aws_kms_key.sandbox.arn
 
   test_environment_mock_guardduty_event_source = "test.guardduty"
 
   send_to_firehose = false
+
+  enable_event_stream = true
 }