Set One Login base URL environment variable for forms-runner

stephencdaly · stephencdaly · commit adb8e02181d6 · 2026-05-05T12:42:20.000+01:00
diff --git a/infra/deployments/forms/forms-runner/main.tf b/infra/deployments/forms/forms-runner/main.tf
@@ -55,6 +55,7 @@ module "forms_runner" {
   ses_submission_email_from_email_address     = var.forms_runner_settings.ses_submission_email_from_email_address
   ses_submission_email_reply_to_email_address = var.forms_runner_settings.ses_submission_email_reply_to_email_address
   ses_submission_configuration_set_name       = data.terraform_remote_state.forms_ses.outputs.form_submissions_configuration_set_name
+  govuk_one_login_base_url                    = var.forms_runner_settings.govuk_one_login_base_url
   additional_submissions_to_s3_role_assumers  = local.allowed_submissions_to_s3_role_assumers
   additional_forms_runner_role_assumers       = local.allowed_forms_runner_role_assumers
   elasticache_port                            = data.terraform_remote_state.redis.outputs.elasticache_port
diff --git a/infra/deployments/forms/inputs.tf b/infra/deployments/forms/inputs.tf
@@ -175,6 +175,7 @@ variable "forms_runner_settings" {
     allow_human_readonly_roles_to_assume_submissions_to_runner_role = bool
     ses_submission_email_from_email_address                         = string
     ses_submission_email_reply_to_email_address                     = string
+    govuk_one_login_base_url                                        = string
     queue_worker_capacity                                           = string
     disable_builtin_solidqueue_worker                               = bool
     filler_answer_email_enabled                                     = bool
diff --git a/infra/deployments/forms/tfvars/dev.tfvars b/infra/deployments/forms/tfvars/dev.tfvars
@@ -105,6 +105,7 @@ forms_runner_settings = {
   allow_human_readonly_roles_to_assume_submissions_to_runner_role = true
   ses_submission_email_from_email_address                         = "no-reply@dev.forms.service.gov.uk"
   ses_submission_email_reply_to_email_address                     = "no-reply@dev.forms.service.gov.uk"
+  govuk_one_login_base_url                                        = "https://oidc.integration.account.gov.uk/"
   queue_worker_capacity                                           = 1
   disable_builtin_solidqueue_worker                               = true
   filler_answer_email_enabled                                     = false
diff --git a/infra/deployments/forms/tfvars/production.tfvars b/infra/deployments/forms/tfvars/production.tfvars
@@ -161,6 +161,7 @@ forms_runner_settings = {
   allow_human_readonly_roles_to_assume_submissions_to_runner_role = false
   ses_submission_email_from_email_address                         = "no-reply@forms.service.gov.uk"
   ses_submission_email_reply_to_email_address                     = "no-reply@forms.service.gov.uk"
+  govuk_one_login_base_url                                        = "https://oidc.account.gov.uk/"
   queue_worker_capacity                                           = 6
   disable_builtin_solidqueue_worker                               = true
   filler_answer_email_enabled                                     = false
diff --git a/infra/deployments/forms/tfvars/staging.tfvars b/infra/deployments/forms/tfvars/staging.tfvars
@@ -70,6 +70,7 @@ forms_runner_settings = {
   allow_human_readonly_roles_to_assume_submissions_to_runner_role = false
   ses_submission_email_from_email_address                         = "no-reply@staging.forms.service.gov.uk"
   ses_submission_email_reply_to_email_address                     = "no-reply@staging.forms.service.gov.uk"
+  govuk_one_login_base_url                                        = "https://oidc.integration.account.gov.uk/"
   queue_worker_capacity                                           = 1
   disable_builtin_solidqueue_worker                               = true
   filler_answer_email_enabled                                     = false
diff --git a/infra/deployments/forms/tfvars/user-research.tfvars b/infra/deployments/forms/tfvars/user-research.tfvars
@@ -66,6 +66,7 @@ forms_runner_settings = {
   opentelemetry_head_sampler_ratio                                = "0.1"
   ses_submission_email_from_email_address                         = "no-reply@research.forms.service.gov.uk"
   ses_submission_email_reply_to_email_address                     = "no-reply@research.forms.service.gov.uk"
+  govuk_one_login_base_url                                        = "https://oidc.integration.account.gov.uk/"
   allow_human_readonly_roles_to_assume_submissions_to_s3_role     = false
   allow_human_readonly_roles_to_assume_submissions_to_runner_role = false
   queue_worker_capacity                                           = 0
diff --git a/infra/modules/forms-runner/main.tf b/infra/modules/forms-runner/main.tf
@@ -211,6 +211,10 @@ module "ecs_service" {
       name  = "SETTINGS__SES_SUBMISSION_EMAIL__REPLY_TO_EMAIL_ADDRESS",
       value = var.ses_submission_email_reply_to_email_address
     },
+    {
+      name  = "SETTINGS__GOVUK_ONE_LOGIN__BASE_URL",
+      value = var.govuk_one_login_base_url
+    },
     {
       name  = "KMS_KEY_ID",
       value = aws_kms_alias.active_record_alias.name
diff --git a/infra/modules/forms-runner/variables.tf b/infra/modules/forms-runner/variables.tf
@@ -110,6 +110,11 @@ variable "ses_submission_configuration_set_name" {
   description = "The name of the configuration set to use when sending form submissions"
 }
 
+variable "govuk_one_login_base_url" {
+  type        = string
+  description = "The base URL for GOV.UK One Login authentication requests"
+}
+
 variable "elasticache_port" {
   type        = number
   description = "The port number for the Redis ElastiCache cluster"
