From 61e227c7fa99655e174e6fb260f5ea45e0f795b5 Mon Sep 17 00:00:00 2001
From: Aaron Oman <groovestomp@groovestomp.com>
Date: Fri, 11 Sep 2020 10:58:31 -0700
Subject: [PATCH] zero-268: set s3_hosting module cf_signed_downloads param
 based on questionnaire

https://app.zenhub.com/workspaces/commit-zero-5da8decc7046a60001c6db44/issues/commitdev/zero/268

- Use templates to set s3_hosting.cf_signed_downloads to true or false based on the questionnaire for using s3 file uploads and CF signed download URLs.
---
 templates/terraform/environments/prod/main.tf        | 1 +
 templates/terraform/environments/stage/main.tf       | 1 +
 templates/terraform/modules/environment/main.tf      | 1 +
 templates/terraform/modules/environment/variables.tf | 6 ++++++
 4 files changed, 9 insertions(+)

diff --git a/templates/terraform/environments/prod/main.tf b/templates/terraform/environments/prod/main.tf
index 1251977..e3ee6a0 100644
--- a/templates/terraform/environments/prod/main.tf
+++ b/templates/terraform/environments/prod/main.tf
@@ -39,6 +39,7 @@ module "prod" {
     "<% index .Params `productionFrontendSubdomain` %><% index .Params `productionHostRoot` %>",
   ]
   domain_name = "<% index .Params `productionHostRoot` %>"
+  cf_signed_downloads = <% if eq (index .Params `fileUploads`) "yes" %>true<% else %>false<% end %>
 
   # DB configuration
   database = "<% index .Params `database` %>"
diff --git a/templates/terraform/environments/stage/main.tf b/templates/terraform/environments/stage/main.tf
index 045d6ad..b51d3b1 100644
--- a/templates/terraform/environments/stage/main.tf
+++ b/templates/terraform/environments/stage/main.tf
@@ -39,6 +39,7 @@ module "stage" {
     "<% index .Params `stagingFrontendSubdomain` %><% index .Params `stagingHostRoot` %>",
   ]
   domain_name = "<% index .Params `stagingHostRoot` %>"
+  cf_signed_downloads = <% if eq (index .Params `fileUploads`) "yes" %>true<% else %>false<% end %>
 
   # This will save some money as there a cost associated to each NAT gateway, but if the AZ with the gateway
   # goes down, nothing in the private subnets will be able to reach the internet. Not recommended for production.
diff --git a/templates/terraform/modules/environment/main.tf b/templates/terraform/modules/environment/main.tf
index 1e744a5..189b28e 100644
--- a/templates/terraform/modules/environment/main.tf
+++ b/templates/terraform/modules/environment/main.tf
@@ -71,6 +71,7 @@ module "s3_hosting" {
   # We need to wait for certificate validation to complete before using the certs
   depends_on = [module.assets_domains.certificate_validations]
 
+  cf_signed_downloads     = var.cf_signed_downloads
   buckets                 = var.s3_hosting_buckets
   project                 = var.project
   environment             = var.environment
diff --git a/templates/terraform/modules/environment/variables.tf b/templates/terraform/modules/environment/variables.tf
index 0ee0a02..573f2cb 100644
--- a/templates/terraform/modules/environment/variables.tf
+++ b/templates/terraform/modules/environment/variables.tf
@@ -137,3 +137,9 @@ variable "sendgrid_api_key_secret_name" {
   description = "AWS secret manager's secret name storing the sendgrid api key"
   type  = string
 }
+
+variable "cf_signed_downloads" {
+  type        = bool
+  description = "Enable Cloudfront signed URLs"
+  default     = false
+}