From 20df1dbe87dc0fbc5d30afe53563225cc9f7fbf5 Mon Sep 17 00:00:00 2001
From: JoshuaLicense <JoshuaLicense@users.noreply.github.com>
Date: Tue, 3 Sep 2024 14:56:28 +0100
Subject: [PATCH] feat: add Elasticache as session save handler (#304)

---
 compose.yaml                                 |  2 ++
 infra/docker/internal/php.ini                | 32 +++++++++++++++++++
 infra/docker/selfserve/php.ini               | 33 ++++++++++++++++++++
 infra/terraform/environments/dev/main.tf     |  2 ++
 infra/terraform/environments/int/main.tf     |  2 ++
 infra/terraform/modules/service/README.md    |  1 +
 infra/terraform/modules/service/ecs.tf       |  4 +++
 infra/terraform/modules/service/variables.tf |  5 +++
 8 files changed, 81 insertions(+)

diff --git a/compose.yaml b/compose.yaml
index 53ae11e9e4..da67cce87a 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -52,6 +52,7 @@ services:
     volumes:
       - ./app/selfserve:/var/www/html
     environment:
+      ELASTICACHE_URL: tcp://redis:6379
       AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID-}
       AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY-}
       AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN-}
@@ -68,6 +69,7 @@ services:
     volumes:
       - ./app/internal:/var/www/html
     environment:
+      ELASTICACHE_URL: tcp://redis:6379
       AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID-}
       AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY-}
       AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN-}
diff --git a/infra/docker/internal/php.ini b/infra/docker/internal/php.ini
index c83bb5239a..ebdddd9ece 100644
--- a/infra/docker/internal/php.ini
+++ b/infra/docker/internal/php.ini
@@ -22,6 +22,38 @@ upload_max_filesize=180M
 ; https://php.net/session.serialize-handler
 session.serialize_handler=igbinary
 
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; https://php.net/session.save-path
+session.save_path=${ELASTICACHE_URL}
+
+; Handler used to store/retrieve data.
+; https://php.net/session.save-handler
+session.save_handler=redis
 
 [opcache]
 ; The maximum number of keys (and therefore scripts) in the OPcache hash table
diff --git a/infra/docker/selfserve/php.ini b/infra/docker/selfserve/php.ini
index 6c884abc88..ebdddd9ece 100644
--- a/infra/docker/selfserve/php.ini
+++ b/infra/docker/selfserve/php.ini
@@ -22,6 +22,39 @@ upload_max_filesize=180M
 ; https://php.net/session.serialize-handler
 session.serialize_handler=igbinary
 
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; https://php.net/session.save-path
+session.save_path=${ELASTICACHE_URL}
+
+; Handler used to store/retrieve data.
+; https://php.net/session.save-handler
+session.save_handler=redis
+
 [opcache]
 ; The maximum number of keys (and therefore scripts) in the OPcache hash table
 ; The Allowed value is between 200 and 100000.
diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
index 961236a98e..d863e64a6e 100644
--- a/infra/terraform/environments/dev/main.tf
+++ b/infra/terraform/environments/dev/main.tf
@@ -147,6 +147,8 @@ module "service" {
 
   vpc_id = data.aws_vpc.this.id
 
+  elasticache_url = "tcp://cache.dev.olcs.dev-dvsacloud.uk:6379"
+
   services = {
     "api" = {
       cpu    = 2048
diff --git a/infra/terraform/environments/int/main.tf b/infra/terraform/environments/int/main.tf
index 95939c3f5a..f7cc5be690 100644
--- a/infra/terraform/environments/int/main.tf
+++ b/infra/terraform/environments/int/main.tf
@@ -147,6 +147,8 @@ module "service" {
 
   vpc_id = data.aws_vpc.this.id
 
+  elasticache_url = "tcp://cache.qa.olcs.dev-dvsacloud.uk:6379"
+
   services = {
     "api" = {
       cpu    = 2048
diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
index 754e05d53b..70095c4d00 100644
--- a/infra/terraform/modules/service/README.md
+++ b/infra/terraform/modules/service/README.md
@@ -47,6 +47,7 @@
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
 | <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
+| <a name="input_elasticache_url"></a> [elasticache\_url](#input\_elasticache\_url) | The URL of the Elasticache cluster | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |
 | <a name="input_services"></a> [services](#input\_services) | The services to deploy | <pre>map(object({<br>    version    = string<br>    repository = string<br>    cpu        = number<br>    memory     = number<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    add_cdn_url_to_env = optional(bool, false)<br>    lb_listener_arn    = string<br>    // The reason for this was to enable the parallel running of ECS and EC2 services.<br>    // This boolean will control the flow of traffic. If `true`, traffic will go to ECS. If `false`, traffic will go to EC2.<br>    // Can be removed when EC2 services are removed.<br>    listener_rule_enable      = optional(bool, true)<br>    listener_rule_priority    = optional(number, 10)<br>    listener_rule_host_header = optional(string, "*")<br>    security_group_ids        = list(string)<br>    subnet_ids                = list(string)<br>    vpc_id                    = optional(string, null)<br>  }))</pre> | `{}` | no |
diff --git a/infra/terraform/modules/service/ecs.tf b/infra/terraform/modules/service/ecs.tf
index cea856d417..66b6bcc5d4 100644
--- a/infra/terraform/modules/service/ecs.tf
+++ b/infra/terraform/modules/service/ecs.tf
@@ -109,6 +109,10 @@ module "ecs_service" {
             name  = "APP_VERSION"
             value = var.services[each.key].version
           },
+          {
+            name  = "ELASTICACHE_URL"
+            value = var.elasticache_url
+          }
         ],
         each.value.add_cdn_url_to_env ? [
           {
diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
index 95adef0f61..632067d7f3 100644
--- a/infra/terraform/modules/service/variables.tf
+++ b/infra/terraform/modules/service/variables.tf
@@ -23,6 +23,11 @@ variable "vpc_id" {
   description = "The VPC ID"
 }
 
+variable "elasticache_url" {
+  type        = string
+  description = "The URL of the Elasticache cluster"
+}
+
 variable "services" {
   type = map(object({
     version    = string