Skip to content

CCM-14114: set TLS version on Rest API to be 1.2, to match domain name#491

Open
stevebux wants to merge 4 commits intomainfrom
feature/CCM-14114-TLS-Upgrade
Open

CCM-14114: set TLS version on Rest API to be 1.2, to match domain name#491
stevebux wants to merge 4 commits intomainfrom
feature/CCM-14114-TLS-Upgrade

Conversation

@stevebux
Copy link
Copy Markdown
Contributor

@stevebux stevebux commented Mar 25, 2026

Description

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@stevebux stevebux requested a review from a team as a code owner March 25, 2026 11:38
@stevebux stevebux requested a review from Copilot March 25, 2026 11:38
Copilot AI reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the Terraform-managed API Gateway REST API configuration to enforce TLS-related settings via the imported OpenAPI document, aiming to align runtime TLS behavior with the configured custom domain.

Changes:

  • Adds API Gateway vendor extension fields to the OpenAPI template for endpoint access mode and security policy.
  • Passes new template variables from Terraform locals into the OpenAPI spec rendering.
  • Introduces local TLS/access-mode constants and forces REST API replacement on policy changes.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
infrastructure/terraform/components/api/resources/spec.tmpl.json Adds API Gateway vendor extension fields for endpoint access mode and security policy.
infrastructure/terraform/components/api/locals.tf Wires new template variables into the OpenAPI templatefile rendering.
infrastructure/terraform/components/api/api_gateway_rest_api_tls.tf Defines local values for security policy/access mode and a terraform_data trigger.
infrastructure/terraform/components/api/api_gateway_rest_api.tf Forces REST API replacement when the terraform_data trigger changes.

@francisco-videira-nhs francisco-videira-nhs added the deploy-proxy Set to 'true' to force a PR build to deploy the APIM proxy label Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aidenvaines-cgi aidenvaines-cgi aidenvaines-cgi approved these changes

@masl2 masl2 masl2 approved these changes

Assignees

No one assigned

Labels

deploy-proxy Set to 'true' to force a PR build to deploy the APIM proxy

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@stevebux @aidenvaines-cgi @masl2 @francisco-videira-nhs