Update data.gov.uk

datagovuk.tf

@@ -2,14 +2,22 @@ variable "datagovuk_integration" {
   type = string
 }
 
-# module "datagovuk-integration" {
-#   source = "./modules/datagovuk"
+module "datagovuk-integration" {
+  source = "./modules/datagovuk"
 
-#   configuration = {
-#     environment = "integration"
-#     git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
-#     probe = "/"
-#   }
+  configuration = {
+    environment = "integration"
+    git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
+    probe = "/"
+  }
 
-#   secrets = yamldecode(var.datagovuk_integration)
-# }
+  secrets = yamldecode(var.datagovuk_integration)
+}
+
+variable "datagovuk_staging" {
+  type = string
+}
+
+variable "datagovuk_production" {
+  type = string
+}

modules/datagovuk/datagovuk.vcl.tftpl

@@ -1,4 +1,4 @@
-backend F_origin {
+backend F_cname_find_eks_${environment}_govuk_digital {
     .connect_timeout = 5s;
     .dynamic = true;
     .port = "${origin_port}";
@@ -98,7 +98,7 @@ sub vcl_recv {
   }
 
   # Serve from stale for 24 hours if origin is sick
-  set req.grace = 24h;
+  set req.max_stale_if_error = 24h;
 
   # Default backend.
   set req.backend = F_origin;
@@ -126,14 +126,9 @@ sub vcl_fetch {
 
   set beresp.http.Fastly-Backend-Name = req.http.Fastly-Backend-Name;
 
-  if ((beresp.status >= 500 && beresp.status <= 599) && req.restarts < 3 && (req.request == "GET" || req.request == "HEAD") && !beresp.http.No-Fallback) {
-    set beresp.saintmode = 5s;
-    return (restart);
-  }
-
   if (req.restarts == 0) {
     # Keep stale for origin
-    set beresp.grace = 24h;
+    set beresp.stale_if_error = 24h;
   }
 
   if(req.restarts > 0 ) {
@@ -154,7 +149,7 @@ sub vcl_fetch {
 
   if (beresp.status == 500 || beresp.status == 503) {
     set beresp.ttl = 1s;
-    set beresp.grace = 5s;
+    set beresp.stale_if_error = 5s;
     return (deliver);
   }
 
@@ -200,11 +195,6 @@ sub vcl_error {
     }
   }
 
-  # Assume we've hit vcl_error() because the backend is unavailable
-  if (req.restarts < 2) {
-    return (restart);
-  }
-
   synthetic {"
     <!DOCTYPE html>
     <html>
@@ -230,8 +220,4 @@ sub vcl_error {
 
 sub vcl_pass {
 #FASTLY pass
-}
-
-sub vcl_hash {
-#FASTLY hash
 }

modules/datagovuk/service.tf

@@ -44,8 +44,12 @@ resource "fastly_service_vcl" "service" {
   name    = "${title(local.template_values["environment"])} data.gov.uk"
   comment = ""
 
-  domain {
-    name = local.template_values["hostname"]
+  dynamic "domain" {
+    for_each = lookup(local.template_values, "hostnames", [])
+    iterator = each
+    content {
+      name = each.value
+    }
   }
 
   vcl {
@@ -93,6 +97,26 @@ resource "fastly_service_vcl" "service" {
     }
   }
 
+  header {
+    name               = "${local.template_values["environment"]}.data.gov.uk to www.${local.template_values["environment"]}.data.gov.uk redirect location header"
+    action             = "set"
+    type               = "response"
+    destination        = "http.Location"
+    source             = "\"https://www.${local.template_values["environment"]}.data.gov.uk\" + req.url"
+    response_condition = "${local.template_values["environment"]}.data.gov.uk to www.${local.template_values["environment"]}.data.gov.uk redirect response condition"
+  }
+
+  response_object {
+    name              = "${local.template_values["environment"]}.data.gov.uk to www.${local.template_values["environment"]}.data.gov.uk redirect synthetic response"
+    status            = 301
+    request_condition = "${local.template_values["environment"]}.data.gov.uk to www.${local.template_values["environment"]}.data.gov.uk redirect request condition"
+  }
+
+  request_setting {
+    name      = "Force TLS"
+    force_ssl = true
+  }
+
   dynamic "logging_splunk" {
     for_each = {
       for splunk in lookup(var.secrets, "splunk", []) : splunk.name => splunk