From 4bef84d506cd102f652a261d78ec6bd1dd61ef51 Mon Sep 17 00:00:00 2001
From: James Armes <jarmes@codeforamerica.org>
Date: Wed, 15 Oct 2025 16:52:40 -0400
Subject: [PATCH] fix: Set the Senzing license into the config.

---
 .github/actions/setup-opentofu/action.yaml |  1 +
 .github/workflows/deploy.yaml              |  2 ++
 .github/workflows/export.yaml              |  1 +
 .github/workflows/launch-tools.yaml        |  1 +
 .github/workflows/plan.yaml                |  3 +++
 .github/workflows/pull-request.yaml        |  1 +
 tofu/config/service/main.tf                | 21 +++++++++++----------
 tofu/config/service/variables.tf           |  7 +++++++
 tofu/modules/persistent_service/main.tf    |  8 ++++----
 tofu/modules/system/ecs.tf                 |  2 +-
 tofu/modules/system/variables.tf           |  7 +++++++
 11 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/.github/actions/setup-opentofu/action.yaml b/.github/actions/setup-opentofu/action.yaml
index e6b75ec..7b07f70 100644
--- a/.github/actions/setup-opentofu/action.yaml
+++ b/.github/actions/setup-opentofu/action.yaml
@@ -39,6 +39,7 @@ runs:
           "image_tags_mutable" "key_recovery_period" "log_level" "program"
           "project" "queue_empty_threshold" "redoer_container_count"
           "redoer_cpu" "redoer_memory" "region" "repository"
+          "senzing_license_base64"
         )
         for var in ${variables[@]}; do
           name="TF_VAR_$(echo $var | tr '[:lower:]' '[:upper:]')"
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 900c239..846ae92 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -62,6 +62,7 @@ jobs:
       TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
       TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
       TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+      TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
       TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
       TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
       TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
@@ -119,6 +120,7 @@ jobs:
           TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+          TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
           TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
           TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
diff --git a/.github/workflows/export.yaml b/.github/workflows/export.yaml
index 7d374f3..ce9983b 100644
--- a/.github/workflows/export.yaml
+++ b/.github/workflows/export.yaml
@@ -56,6 +56,7 @@ jobs:
           TF_VAR_QUEUE_EMPTY_THRESHOLD: ${{ secrets.TF_VAR_QUEUE_EMPTY_THRESHOLD }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+          TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
           TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
           TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
diff --git a/.github/workflows/launch-tools.yaml b/.github/workflows/launch-tools.yaml
index 75157a1..a0ad558 100644
--- a/.github/workflows/launch-tools.yaml
+++ b/.github/workflows/launch-tools.yaml
@@ -64,6 +64,7 @@ jobs:
           TF_VAR_QUEUE_EMPTY_THRESHOLD: ${{ secrets.TF_VAR_QUEUE_EMPTY_THRESHOLD }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+          TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
           TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
           TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 4d5c77e..5831d93 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -68,6 +68,8 @@ on:
         required: false
       TF_VAR_REPOSITORY:
         required: false
+      TF_VAR_SENZING_LICENSE_BASE64:
+        required: false
   workflow_dispatch:
     inputs:
       config:
@@ -140,6 +142,7 @@ jobs:
           TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
           TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
           TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+          TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
           TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
           TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
           TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
index 056f3be..ac1d300 100644
--- a/.github/workflows/pull-request.yaml
+++ b/.github/workflows/pull-request.yaml
@@ -66,6 +66,7 @@ jobs:
       TF_VAR_REDOER_MEMORY: ${{ secrets.TF_VAR_REDOER_MEMORY }}
       TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }}
       TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }}
+      TF_VAR_SENZING_LICENSE_BASE64: ${{ secrets.TF_VAR_SENZING_LICENSE_BASE64 }}
       TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }}
       TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }}
       TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }}
diff --git a/tofu/config/service/main.tf b/tofu/config/service/main.tf
index 5f11858..e98a25e 100644
--- a/tofu/config/service/main.tf
+++ b/tofu/config/service/main.tf
@@ -18,16 +18,17 @@ module "inputs" {
 module "system" {
   source = "../../modules/system"
 
-  environment           = var.environment
-  project               = var.project
-  export_expiration     = var.export_expiration
-  key_recovery_period   = var.key_recovery_period
-  logging_bucket        = module.inputs.values["logging/bucket"]
-  logging_key_arn       = module.inputs.values["logging/key"]
-  log_level             = var.log_level
-  tags                  = merge({ awsApplication : module.inputs.values["application/tag"] }, var.tags)
-  vpc_id                = module.inputs.values["vpc/id"]
-  queue_empty_threshold = var.queue_empty_threshold
+  environment            = var.environment
+  project                = var.project
+  export_expiration      = var.export_expiration
+  key_recovery_period    = var.key_recovery_period
+  logging_bucket         = module.inputs.values["logging/bucket"]
+  logging_key_arn        = module.inputs.values["logging/key"]
+  log_level              = var.log_level
+  tags                   = merge({ awsApplication : module.inputs.values["application/tag"] }, var.tags)
+  vpc_id                 = module.inputs.values["vpc/id"]
+  queue_empty_threshold  = var.queue_empty_threshold
+  senzing_license_base64 = var.senzing_license_base64
 
   database_subnets                   = split(",", module.inputs.values["vpc/private_subnets"])
   apply_database_updates_immediately = var.apply_database_updates_immediately
diff --git a/tofu/config/service/variables.tf b/tofu/config/service/variables.tf
index 25ad0f5..b68e81d 100644
--- a/tofu/config/service/variables.tf
+++ b/tofu/config/service/variables.tf
@@ -145,6 +145,13 @@ variable "region" {
   default     = "us-west-1"
 }
 
+variable "senzing_license_base64" {
+  type        = string
+  description = "Base64 encoded Senzing license."
+  default     = null
+  sensitive   = true
+}
+
 variable "tags" {
   type        = map(string)
   description = "Tags to apply to all resources."
diff --git a/tofu/modules/persistent_service/main.tf b/tofu/modules/persistent_service/main.tf
index 83f5125..c1f8abf 100644
--- a/tofu/modules/persistent_service/main.tf
+++ b/tofu/modules/persistent_service/main.tf
@@ -30,10 +30,10 @@ module "service" {
   source  = "HENNGE/ecs/aws//modules/core/service"
   version = "5.3.0"
 
-  cluster                      = var.cluster_name
-  name                         = local.prefix
-  create_task_definition       = false
-  task_definition_arn          = module.task.task_definition_arn
+  cluster                = var.cluster_name
+  name                   = local.prefix
+  create_task_definition = false
+  task_definition_arn    = module.task.task_definition_arn
 
   # Ignore changes to the desired count to prevent conflicts with auto-scaling.
   ignore_desired_count_changes = true
diff --git a/tofu/modules/system/ecs.tf b/tofu/modules/system/ecs.tf
index 094d052..19efaff 100644
--- a/tofu/modules/system/ecs.tf
+++ b/tofu/modules/system/ecs.tf
@@ -67,7 +67,7 @@ module "senzing_config" {
     database_host : module.database.cluster_endpoint
     database_username : jsondecode(data.aws_secretsmanager_secret_version.database.secret_string).username
     database_password : urlencode(jsondecode(data.aws_secretsmanager_secret_version.database.secret_string).password)
-    senzing_license_base64 : " "
+    senzing_license_base64 : coalesce(var.senzing_license_base64, " ")
   })))
 
   tags = var.tags
diff --git a/tofu/modules/system/variables.tf b/tofu/modules/system/variables.tf
index 6dff1b8..54f65d2 100644
--- a/tofu/modules/system/variables.tf
+++ b/tofu/modules/system/variables.tf
@@ -193,6 +193,13 @@ variable "redoer_memory" {
   default     = 4096
 }
 
+variable "senzing_license_base64" {
+  type        = string
+  description = "Base64 encoded Senzing license."
+  default     = null
+  sensitive   = true
+}
+
 variable "tags" {
   type        = map(string)
   description = "Tags to apply to resources."