correct environment variables

.github/workflows/deploy_terraform.yml

@@ -332,17 +332,10 @@ jobs:
       ecr_repo: pashub_to_ara-${{ needs.determine_stage.outputs.stage }}
       dockerfile_path: backend/pashub_fetcher/handler/Dockerfile
       build_context: .
-      build_args: |
-        DEV_DB_HOST=$DEV_DB_HOST
-        DEV_DB_PORT=$DEV_DB_PORT
-        DEV_DB_NAME=$DEV_DB_NAME
     secrets:
       AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
       AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
-      DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
-      DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }}
-      DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
 
 
   # ============================================================
@@ -362,6 +355,9 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
       AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      TF_VAR_db_host: ${{ secrets.DEV_DB_HOST }}
+      TF_VAR_db_name: ${{ secrets.DEV_DB_NAME }}
+      TF_VAR_db_port: ${{ secrets.DEV_DB_PORT }}
       TF_VAR_sharepoint_client_id: ${{ secrets.SHAREPOINT_CLIENT_ID }}
       TF_VAR_sharepoint_client_secret: ${{ secrets.SHAREPOINT_CLIENT_SECRET }}
       TF_VAR_sharepoint_tenant_id: ${{ secrets.SHAREPOINT_TENANT_ID }}

infrastructure/terraform/lambda/pashub_to_ara/main.tf

@@ -7,6 +7,14 @@ data "terraform_remote_state" "shared" {
   }
 }
 
+data "aws_secretsmanager_secret_version" "db_credentials" {
+  secret_id = "${var.stage}/assessment_model/db_credentials"
+}
+
+locals {
+  db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)
+}
+
 module "lambda" {
   source = "../../modules/lambda_with_sqs"
 
@@ -23,5 +31,20 @@ module "lambda" {
   environment = {
     STAGE = var.stage
     LOG_LEVEL = "info"
+    
+    DB_USERNAME = local.db_credentials.db_assessment_model_username
+    DB_PASSWORD = local.db_credentials.db_assessment_model_password
+    DB_HOST     = var.db_host
+    DB_NAME     = var.db_name
+    DB_PORT     = var.db_port
+
+    SHAREPOINT_CLIENT_ID                = var.sharepoint_client_id
+    SHAREPOINT_CLIENT_SECRET            = var.sharepoint_client_secret
+    DOMNA_SHAREPOINT_ID                 = var.domna_sharepoint_id
+    OSMOSIS_ACD_SHAREPOINT_ID           = var.osmosis_acd_sharepoint_id
+    PRIVATE_PAY_SHAREPOINT_ID           = var.private_pay_sharepoint_id
+    SOCIAL_HOUSING_WAVE_3_SHAREPOINT_ID = var.social_housing_wave_3_sharepoint_id
+    PASHUB_EMAIL                        = var.pashub_email
+    PASHUB_PASSWORD                     = var.pashub_password
   }
 }

infrastructure/terraform/lambda/pashub_to_ara/variables.tf

@@ -35,3 +35,58 @@ locals {
 output "resolved_image_uri" {
   value = local.image_uri
 }
+
+variable "db_host" {
+  type      = string
+  sensitive = true
+}
+
+variable "db_name" {
+  type      = string
+  sensitive = true
+}
+
+variable "db_port" {
+  type      = string
+  sensitive = true
+}
+
+variable "sharepoint_client_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "sharepoint_client_secret" {
+  type      = string
+  sensitive = true
+}
+
+variable "domna_sharepoint_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "osmosis_acd_sharepoint_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "private_pay_sharepoint_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "social_housing_wave_3_sharepoint_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "pashub_email" {
+  type      = string
+  sensitive = true
+}
+
+variable "pashub_password" {
+  type      = string
+  sensitive = true
+}