CCM-8637: sftp send proof (#398)

Author: alexnuttall

frontend/jest.config.ts

@@ -22,6 +22,7 @@ const config: Config = {
   ...baseJestConfig,
 
   coveragePathIgnorePatterns: [
+    ...(baseJestConfig.coveragePathIgnorePatterns ?? []),
     '.types.ts',
     'layout.tsx',
     'container.tsx',

infrastructure/terraform/components/acct/README.md

@@ -19,6 +19,7 @@
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_initial_cli_secrets_provision_override"></a> [initial\_cli\_secrets\_provision\_override](#input\_initial\_cli\_secrets\_provision\_override) | A map of default value to intialise SSM secret values with. Only useful for initial setup of the account due to lifecycle rules. | `map(string)` | `{}` | no |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the account (across all environments) | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_observability_account_id"></a> [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |

infrastructure/terraform/components/acct/locals.tf

@@ -14,4 +14,7 @@ locals {
     for az_index, az in data.aws_availability_zones.available.names :
     cidrsubnet(var.vpc_cidr, max(var.vpc_subnet_cidr_bits.private, local.required_bits_private), az_index + length(data.aws_availability_zones.available.names))
   ]
+
+  mock_letter_supplier_name     = "WTMMOCK"
+  use_sftp_letter_supplier_mock = lookup(var.letter_suppliers, local.mock_letter_supplier_name, null) != null
 }

infrastructure/terraform/components/acct/ssm_parameter_sftp_mock_config.tf

@@ -0,0 +1,26 @@
+resource "aws_ssm_parameter" "sftp_mock_config" {
+  count = local.use_sftp_letter_supplier_mock ? 1 : 0
+
+  name = format(
+    "/%s/sftp-mock-config",
+    local.csi,
+  )
+  description = "Configuration values for accessing an SFTP mock server"
+  type        = "SecureString"
+
+  /*
+  JSON object matching:
+  {
+    "host": string
+    "username": string,
+    "privateKey": string,
+    "baseUploadDir": "WTMMOCK/Incoming,
+    "baseDownloadDir": "WTMMOCK/Outgoing"
+  }
+  */
+  value = "placeholder"
+
+  lifecycle {
+    ignore_changes = [value]
+  }
+}

infrastructure/terraform/components/acct/variables.tf

@@ -104,3 +104,13 @@ variable "vpc_subnet_cidr_bits" {
     private = 3  # Larger subnets for private resources, 3 creates /19 subnets over 3x Az
   }
 }
+
+variable "letter_suppliers" {
+  type = map(object({
+    enable_polling   = bool
+    default_supplier = optional(bool)
+  }))
+  description = "Letter suppliers enabled in the account (across all environments)"
+
+  default = {}
+}

infrastructure/terraform/components/app/README.md

@@ -36,6 +36,7 @@
 | <a name="input_event_delivery_logging_success_sample_percentage"></a> [event\_delivery\_logging\_success\_sample\_percentage](#input\_event\_delivery\_logging\_success\_sample\_percentage) | Enable caching of events to an S3 bucket | `number` | `0` | no |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonmous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | `{}` | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_observability_account_id"></a> [observability\_account\_id](#input\_observability\_account\_id) | The Observability Account ID that needs access | `string` | n/a | yes |
 | <a name="input_parent_acct_environment"></a> [parent\_acct\_environment](#input\_parent\_acct\_environment) | Name of the environment responsible for the acct resources used, affects things like DNS zone. Useful for named dev environments | `string` | `"main"` | no |

infrastructure/terraform/components/app/module_backend_api.tf

@@ -3,19 +3,21 @@
 module "backend_api" {
   source = "../../modules/backend-api"
 
-  project               = var.project
-  environment           = var.environment
-  component             = var.component
-  aws_account_id        = var.aws_account_id
-  region                = var.region
-  group                 = var.group
-  csi                   = local.csi
-  log_retention_in_days = var.log_retention_in_days
-  kms_key_arn           = module.kms.key_arn
+  project                 = var.project
+  environment             = var.environment
+  component               = var.component
+  aws_account_id          = var.aws_account_id
+  region                  = var.region
+  group                   = var.group
+  csi                     = local.csi
+  log_retention_in_days   = var.log_retention_in_days
+  kms_key_arn             = module.kms.key_arn
+  parent_acct_environment = var.parent_acct_environment
 
   cognito_config = jsondecode(aws_ssm_parameter.cognito_config.value)
 
   enable_backup = var.destination_vault_arn != null ? true : false
 
-  enable_letters = var.enable_letters
+  enable_letters   = var.enable_letters
+  letter_suppliers = var.letter_suppliers
 }

infrastructure/terraform/components/app/variables.tf

@@ -192,3 +192,22 @@ variable "observability_account_id" {
   type        = string
   description = "The Observability Account ID that needs access"
 }
+
+variable "letter_suppliers" {
+  type = map(object({
+    enable_polling   = bool
+    default_supplier = optional(bool)
+  }))
+
+  validation {
+    condition = (
+      length(var.letter_suppliers) == 0 ||
+      length([for s in values(var.letter_suppliers) : s if s.default_supplier]) == 1
+    )
+    error_message = "If letter suppliers are configured, exactly one must be default_supplier"
+  }
+
+  default = {}
+
+  description = "Letter suppliers enabled in the environment"
+}

infrastructure/terraform/components/sandbox/README.md

@@ -15,6 +15,7 @@ No requirements.
 | <a name="input_environment"></a> [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | <a name="input_group"></a> [group](#input\_group) | The group variables are being inherited from (often synonymous with account short-name) | `string` | n/a | yes |
 | <a name="input_kms_deletion_window"></a> [kms\_deletion\_window](#input\_kms\_deletion\_window) | When a kms key is deleted, how long should it wait in the pending deletion state? | `string` | `"30"` | no |
+| <a name="input_letter_suppliers"></a> [letter\_suppliers](#input\_letter\_suppliers) | Letter suppliers enabled in the environment | <pre>map(object({<br/>    enable_polling   = bool<br/>    default_supplier = optional(bool)<br/>  }))</pre> | <pre>{<br/>  "WTMMOCK": {<br/>    "default_supplier": true,<br/>    "enable_polling": true<br/>  }<br/>}</pre> | no |
 | <a name="input_log_retention_in_days"></a> [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period in days for the Cloudwatch Logs events to be retained, default of 0 is indefinite | `number` | `0` | no |
 | <a name="input_project"></a> [project](#input\_project) | The name of the tfscaffold project | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | The AWS Region | `string` | n/a | yes |
@@ -32,6 +33,9 @@ No requirements.
 | <a name="output_cognito_user_pool_id"></a> [cognito\_user\_pool\_id](#output\_cognito\_user\_pool\_id) | n/a |
 | <a name="output_internal_bucket_name"></a> [internal\_bucket\_name](#output\_internal\_bucket\_name) | n/a |
 | <a name="output_quarantine_bucket_name"></a> [quarantine\_bucket\_name](#output\_quarantine\_bucket\_name) | n/a |
+| <a name="output_send_proof_queue_url"></a> [send\_proof\_queue\_url](#output\_send\_proof\_queue\_url) | n/a |
+| <a name="output_sftp_environment"></a> [sftp\_environment](#output\_sftp\_environment) | n/a |
+| <a name="output_sftp_mock_credential_path"></a> [sftp\_mock\_credential\_path](#output\_sftp\_mock\_credential\_path) | n/a |
 | <a name="output_templates_table_name"></a> [templates\_table\_name](#output\_templates\_table\_name) | n/a |
 <!-- vale on -->
 <!-- markdownlint-enable -->

infrastructure/terraform/components/sandbox/module_backend_api.tf

@@ -1,22 +1,24 @@
 module "backend_api" {
   source = "../../modules/backend-api"
 
-  project               = var.project
-  environment           = var.environment
-  component             = var.component
-  aws_account_id        = var.aws_account_id
-  region                = var.region
-  group                 = var.group
-  csi                   = local.csi
-  log_retention_in_days = var.log_retention_in_days
+  project                 = var.project
+  environment             = var.environment
+  component               = var.component
+  aws_account_id          = var.aws_account_id
+  region                  = var.region
+  group                   = var.group
+  csi                     = local.csi
+  log_retention_in_days   = var.log_retention_in_days
+  parent_acct_environment = "main"
 
 
   cognito_config = {
     USER_POOL_ID        = aws_cognito_user_pool.sandbox.id
     USER_POOL_CLIENT_ID = aws_cognito_user_pool_client.sandbox.id
   }
 
-  enable_letters = true
+  enable_letters   = true
+  letter_suppliers = var.letter_suppliers
 
   kms_key_arn          = data.aws_kms_key.sandbox.arn
   dynamodb_kms_key_arn = data.aws_kms_key.sandbox.arn