FACT-1662 Remove single server (#1547)

* Removed single server

* Vuln fix

build.gradle

@@ -185,7 +185,7 @@ ext.libraries = [
 ]
 
 dependencies {
-  implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.1'
+  implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.2'
   implementation group: 'org.flywaydb', name: 'flyway-core', version: '9.22.3'
 
   implementation group: 'net.javacrumbs.shedlock', name: 'shedlock-spring', version: '5.10.2'

infrastructure/main.tf

@@ -1,33 +1,3 @@
-module "reform-notifications-db" {
-  source             = "git@github.com:hmcts/cnp-module-postgres?ref=master"
-  product            = var.product
-  component          = var.component
-  name               = "${var.product}-${var.component}"
-  location           = var.location_db
-  env                = var.env
-  database_name      = "notifications"
-  postgresql_user    = "notifier"
-  postgresql_version = "11"
-  sku_name           = "GP_Gen5_2"
-  sku_tier           = "GeneralPurpose"
-  common_tags        = var.common_tags
-  subscription       = var.subscription
-}
-
-module "reform-notifications-staging-db" {
-  source             = "git@github.com:hmcts/cnp-module-postgres?ref=master"
-  product            = "${var.component}-staging"
-  location           = var.location_db
-  env                = var.env
-  database_name      = "notifications"
-  postgresql_user    = "notifier"
-  postgresql_version = "11"
-  sku_name           = "GP_Gen5_2"
-  sku_tier           = "GeneralPurpose"
-  common_tags        = var.common_tags
-  subscription       = var.subscription
-}
-
 data "azurerm_key_vault" "reform_scan_key_vault" {
   name                = "reform-scan-${var.env}"
   resource_group_name = "reform-scan-${var.env}"
@@ -38,75 +8,6 @@ data "azurerm_key_vault" "s2s_key_vault" {
   resource_group_name = "rpe-service-auth-provider-${var.env}"
 }
 
-# region DB secrets
-# names have to be in such format as library hardcodes them for migration url build
-
-resource "azurerm_key_vault_secret" "db_user" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-POSTGRES-USER"
-  value        = module.reform-notifications-db.user_name
-}
-
-resource "azurerm_key_vault_secret" "db_password" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-POSTGRES-PASS"
-  value        = module.reform-notifications-db.postgresql_password
-}
-
-resource "azurerm_key_vault_secret" "db_host" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-POSTGRES-HOST"
-  value        = module.reform-notifications-db.host_name
-}
-
-resource "azurerm_key_vault_secret" "db_port" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-POSTGRES-PORT"
-  value        = module.reform-notifications-db.postgresql_listen_port
-}
-
-resource "azurerm_key_vault_secret" "db_database" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-POSTGRES-DATABASE"
-  value        = module.reform-notifications-db.postgresql_database
-}
-
-# endregion
-
-# region staging DB secrets
-
-resource "azurerm_key_vault_secret" "staging_db_user" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-staging-postgres-user"
-  value        = module.reform-notifications-staging-db.user_name
-}
-
-resource "azurerm_key_vault_secret" "staging_db_password" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-staging-postgres-pass"
-  value        = module.reform-notifications-staging-db.postgresql_password
-}
-
-resource "azurerm_key_vault_secret" "staging_db_host" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-staging-postgres-host"
-  value        = module.reform-notifications-staging-db.host_name
-}
-
-resource "azurerm_key_vault_secret" "staging_db_port" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-staging-postgres-port"
-  value        = module.reform-notifications-staging-db.postgresql_listen_port
-}
-
-resource "azurerm_key_vault_secret" "staging_db_database" {
-  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
-  name         = "${var.component}-staging-postgres-database"
-  value        = module.reform-notifications-staging-db.postgresql_database
-}
-
-# endregion
-
 # region Copy secrets from BulkScan
 
 data "azurerm_key_vault_secret" "s2s_secret" {

infrastructure/tf-db-flexible-secrets.tf

@@ -2,6 +2,7 @@
 locals {
   flexible_secret_prefix         = "${var.component}-POSTGRES-FLEXIBLE"
   flexible_secret_prefix_staging = "${var.component}-staging-db-flexible"
+  standard_secret_prefix         = "${var.component}-POSTGRES"
 
   flexible_secrets = [
     {
@@ -62,6 +63,18 @@ resource "azurerm_key_vault_secret" "flexible_secret" {
   expiration_date = timeadd(timestamp(), "17520h")
 }
 
+resource "azurerm_key_vault_secret" "flexible_secret_standard_format" {
+  for_each     = { for secret in local.flexible_secrets : secret.name_suffix => secret }
+  key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id
+  name         = "${local.standard_secret_prefix}-${each.value.name_suffix}"
+  value        = each.value.value
+  tags = merge(var.common_tags, {
+    "source" : "${var.component} PostgreSQL"
+  })
+  content_type    = ""
+  expiration_date = timeadd(timestamp(), "17520h")
+}
+
 resource "azurerm_key_vault_secret" "flexible_secret_staging" {
   for_each     = { for secret in local.flexible_secrets_staging : secret.name_suffix => secret }
   key_vault_id = data.azurerm_key_vault.reform_scan_key_vault.id

infrastructure/tf-db-flexible.tf

@@ -29,7 +29,7 @@ module "postgresql" {
 
   admin_user_object_id = var.jenkins_AAD_objectId
 
-  enable_schema_ownership = true
+  enable_schema_ownership        = true
   force_schema_ownership_trigger = "true"
   force_user_permissions_trigger = "1"
 }