fix various terraform issues / warnings (#2608)
* upgrade devops azurerm, remove obsolete items

* tflint

* fix various terraform issues / warnings

* tflint fix

* fix
tamirkamara authored Sep 18, 2022
1 parent 34497f9 commit 7ece0dc
Showing 20 changed files with 76 additions and 74 deletions.
2 changes: 1 addition & 1 deletion templates/shared_services/certs/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-shared-service-certs
version: 0.1.3
version: 0.1.4
description: "An Azure TRE shared service to generate certificates for a specified internal domain using Letsencrypt"
registry: azuretre
dockerfile: Dockerfile.tmpl
2 changes: 1 addition & 1 deletion templates/shared_services/certs/terraform/main.tf
Expand Up @@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.4.0"
version = "=3.22.0"
}
}

2 changes: 1 addition & 1 deletion templates/shared_services/cyclecloud/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-shared-service-cyclecloud
version: 0.2.6
version: 0.2.7
description: "An Azure TRE Shared Service Template for Azure Cyclecloud"
registry: azuretre
dockerfile: Dockerfile.tmpl
4 changes: 2 additions & 2 deletions templates/shared_services/cyclecloud/terraform/cyclecloud.tf
Expand Up @@ -4,7 +4,7 @@ resource "random_string" "username" {
length = 4
upper = true
lower = true
number = true
numeric = true
min_numeric = 1
min_lower = 1
special = false
Expand All @@ -16,7 +16,7 @@ resource "random_password" "password" {
min_lower = 1
upper = true
min_upper = 1
number = true
numeric = true
min_numeric = 1
special = true
min_special = 1
2 changes: 1 addition & 1 deletion templates/shared_services/sonatype-nexus-vm/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-shared-service-sonatype-nexus
version: 2.1.6
version: 2.1.7
description: "A Sonatype Nexus shared service"
registry: azuretre
dockerfile: Dockerfile.tmpl
4 changes: 4 additions & 0 deletions templates/shared_services/sonatype-nexus-vm/terraform/main.tf
Expand Up @@ -9,6 +9,10 @@ terraform {
source = "hashicorp/random"
version = "=3.4.2"
}
template = {
source = "hashicorp/template"
version = "=2.2.0"
}
}

backend "azurerm" {}
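Review bot: The newly required `hashicorp/template` provider added in the `template = { ... }` entry is archived upstream in favour of the built-in `templatefile()` function, so this pins the template to a dependency that will not receive further releases. If it is only needed for a `data "template_file"` somewhere in this module, `templatefile()` covers the same use without any provider, and the entry can be dropped again. Pinning `=2.2.0` is acceptable as a stopgap, but a comment such as `# TODO: replace the archived template provider with templatefile()` next to the entry would record that it is transitional. The rest of the `terraform` block lies outside the hunk.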
4 changes: 2 additions & 2 deletions templates/shared_services/sonatype-nexus-vm/terraform/vm.tf
Expand Up @@ -34,7 +34,7 @@ resource "random_password" "nexus_vm_password" {
min_lower = 1
upper = true
min_upper = 1
number = true
numeric = true
min_numeric = 1
special = true
min_special = 1
Expand All @@ -47,7 +47,7 @@ resource "random_password" "nexus_admin_password" {
min_lower = 1
upper = true
min_upper = 1
number = true
numeric = true
min_numeric = 1
special = true
min_special = 1
2 changes: 1 addition & 1 deletion templates/workspace_services/gitea/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-workspace-service-gitea
version: 0.3.8
version: 0.4.0
description: "A Gitea workspace service"
dockerfile: Dockerfile.tmpl
registry: azuretre
56 changes: 28 additions & 28 deletions templates/workspace_services/gitea/terraform/.terraform.lock.hcl


36 changes: 17 additions & 19 deletions templates/workspace_services/gitea/terraform/gitea-webapp.tf
Expand Up @@ -16,24 +16,24 @@ resource "azurerm_user_assigned_identity" "gitea_id" {
lifecycle { ignore_changes = [tags] }
}

data "azurerm_app_service_plan" "workspace" {
data "azurerm_service_plan" "workspace" {
name = "plan-${var.workspace_id}"
resource_group_name = data.azurerm_resource_group.ws.name
}

resource "azurerm_app_service" "gitea" {
resource "azurerm_linux_web_app" "gitea" {
name = local.webapp_name
location = data.azurerm_resource_group.ws.location
resource_group_name = data.azurerm_resource_group.ws.name
app_service_plan_id = data.azurerm_app_service_plan.workspace.id
service_plan_id = data.azurerm_service_plan.workspace.id
https_only = true
key_vault_reference_identity_id = azurerm_user_assigned_identity.gitea_id.id
virtual_network_subnet_id = data.azurerm_subnet.web_apps.id
tags = local.workspace_service_tags

app_settings = {
WEBSITES_PORT = "3000"
WEBSITES_ENABLE_APP_SERVICE_STORAGE = true
WEBSITE_DNS_SERVER = "168.63.129.16"
GITEA_USERNAME = "giteaadmin"
GITEA_PASSWD = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.gitea_password.id})"
GITEA_EMAIL = "giteaadmin@azuretre.com"
Expand Down Expand Up @@ -69,14 +69,17 @@ resource "azurerm_app_service" "gitea" {
}

site_config {
linux_fx_version = "DOCKER|${data.azurerm_container_registry.mgmt_acr.login_server}/microsoft/azuretre/gitea-workspace-service:${local.version}"
acr_use_managed_identity_credentials = true
acr_user_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id
always_on = true
min_tls_version = "1.2"
vnet_route_all_enabled = true
websockets_enabled = false
ftps_state = "Disabled"
container_registry_use_managed_identity = true
container_registry_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id
ftps_state = "Disabled"
always_on = true
minimum_tls_version = "1.2"
vnet_route_all_enabled = true

application_stack {
docker_image = "${data.azurerm_container_registry.mgmt_acr.login_server}/microsoft/azuretre/gitea-workspace-service"
docker_image_tag = local.version
}
}

storage_account {
Expand Down Expand Up @@ -114,7 +117,7 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" {
tags = local.workspace_service_tags

private_service_connection {
private_connection_resource_id = azurerm_app_service.gitea.id
private_connection_resource_id = azurerm_linux_web_app.gitea.id
name = "psc-${local.webapp_name}"
subresource_names = ["sites"]
is_manual_connection = false
Expand All @@ -128,14 +131,9 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" {
lifecycle { ignore_changes = [tags] }
}

resource "azurerm_app_service_virtual_network_swift_connection" "gitea-integrated-vnet" {
app_service_id = azurerm_app_service.gitea.id
subnet_id = data.azurerm_subnet.web_apps.id
}

resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" {
name = "diag-${local.service_resource_name_suffix}"
target_resource_id = azurerm_app_service.gitea.id
target_resource_id = azurerm_linux_web_app.gitea.id
log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id

log {
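Review bot: Switching the resource type from `azurerm_app_service` to `azurerm_linux_web_app` in the `resource "azurerm_linux_web_app" "gitea"` hunk creates a new resource address that a `moved` block cannot bridge (moved blocks require the same resource type), so on an already-deployed workspace Terraform will plan to destroy the app service and create a new web app, and the private endpoint and diagnostic setting that reference its id follow it. If a recreate is not acceptable for existing workspaces, the upgrade path is a `terraform state rm` of the old address followed by a `terraform import` into `azurerm_linux_web_app.gitea`; either way the choice deserves a comment on the resource, e.g. `# Migrated from azurerm_app_service; existing deployments are recreated unless the state is imported`. One smaller point: the old `site_config` pinned `websockets_enabled = false` explicitly while the new block relies on the provider default, so keeping the line makes the intent explicit and survives a default change. The body of the `azurerm_linux_web_app` resource continues outside the hunk.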
4 changes: 2 additions & 2 deletions templates/workspace_services/gitea/terraform/main.tf
Expand Up @@ -3,11 +3,11 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.5.0"
version = "=3.22.0"
}
random = {
source = "hashicorp/random"
version = "=3.4.2"
version = "=3.4.3"
}
local = {
source = "hashicorp/local"
4 changes: 2 additions & 2 deletions templates/workspace_services/gitea/terraform/outputs.tf
@@ -1,7 +1,7 @@
output "gitea_fqdn" {
value = azurerm_app_service.gitea.default_site_hostname
value = azurerm_linux_web_app.gitea.default_hostname
}

output "connection_uri" {
value = "https://${azurerm_app_service.gitea.default_site_hostname}/"
value = "https://${azurerm_linux_web_app.gitea.default_hostname}/"
}
@@ -1,6 +1,6 @@
---
name: tre-service-guacamole-linuxvm
version: 0.4.15
version: 0.4.16
description: "An Azure TRE User Resource Template for Guacamole (Linux)"
dockerfile: Dockerfile.tmpl
registry: azuretre
Expand Up @@ -14,7 +14,7 @@ resource "random_string" "username" {
length = 4
upper = true
lower = true
number = true
numeric = true
min_numeric = 1
min_lower = 1
special = false
Expand All @@ -26,7 +26,7 @@ resource "random_password" "password" {
min_lower = 1
upper = true
min_upper = 1
number = true
numeric = true
min_numeric = 1
special = true
min_special = 1
Expand Up @@ -60,7 +60,7 @@ data "azurerm_key_vault" "ws" {
resource_group_name = data.azurerm_resource_group.ws.name
}

data "azurerm_app_service" "guacamole" {
data "azurerm_linux_web_app" "guacamole" {
name = "guacamole-${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_parent_id}"
resource_group_name = data.azurerm_resource_group.ws.name
}
Expand Up @@ -11,7 +11,7 @@ output "azure_resource_id" {
}

output "connection_uri" {
value = "https://${data.azurerm_app_service.guacamole.default_site_hostname}/?/client/${textencodebase64("${azurerm_linux_virtual_machine.linuxvm.name}\u0000c\u0000azuretre", "UTF-8")}"
value = "https://${data.azurerm_linux_web_app.guacamole.default_hostname}/?/client/${textencodebase64("${azurerm_linux_virtual_machine.linuxvm.name}\u0000c\u0000azuretre", "UTF-8")}"
}

output "vm_username" {
2 changes: 1 addition & 1 deletion templates/workspace_services/mlflow/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-service-mlflow
version: 0.3.7
version: 0.3.8
description: "An Azure TRE service for MLflow machine learning lifecycle"
dockerfile: Dockerfile.tmpl
registry: azuretre
6 changes: 3 additions & 3 deletions templates/workspace_services/mlflow/terraform/postgresql.tf
Expand Up @@ -2,7 +2,7 @@ resource "random_string" "username" {
length = 10
upper = true
lower = true
number = false
numeric = false
min_lower = 1
special = false
}
Expand All @@ -13,7 +13,7 @@ resource "random_password" "password" {
min_lower = 1
upper = true
min_upper = 1
number = true
numeric = true
min_numeric = 1
special = true
min_special = 1
Expand Down Expand Up @@ -64,7 +64,7 @@ resource "azurerm_postgresql_database" "mlflow" {
collation = "English_United States.1252"
}

resource "azurerm_private_endpoint" "private-endpoint" {
resource "azurerm_private_endpoint" "private_endpoint" {
name = "pe-${azurerm_postgresql_server.mlflow.name}-postgres"
location = data.azurerm_resource_group.ws.location
resource_group_name = data.azurerm_resource_group.ws.name
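Review bot: Renaming `azurerm_private_endpoint.private-endpoint` to `private_endpoint` in the last hunk satisfies tflint's naming rule but changes the resource address, so existing workspaces will plan a destroy and recreate of the PostgreSQL private endpoint (a short loss of private connectivity to the database) unless the old state object is mapped to the new name. A `moved` block next to the resource, with `from = azurerm_private_endpoint.private-endpoint` and `to = azurerm_private_endpoint.private_endpoint`, keeps the existing object in place; it needs Terraform 1.1 or later, which I cannot confirm from this page. The resource body continues outside the hunk.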
2 changes: 1 addition & 1 deletion templates/workspaces/base/porter.yaml
@@ -1,6 +1,6 @@
---
name: tre-workspace-base
version: 0.3.30
version: 0.3.31
description: "A base Azure TRE workspace"
dockerfile: Dockerfile.tmpl
registry: azuretre
8 changes: 4 additions & 4 deletions templates/workspaces/base/terraform/network/network.tf
Expand Up @@ -14,8 +14,8 @@ resource "azurerm_subnet" "services" {
resource_group_name = var.ws_resource_group_name
address_prefixes = [local.services_subnet_address_prefix]
# notice that private endpoints do not adhere to NSG rules
enforce_private_link_endpoint_network_policies = true
enforce_private_link_service_network_policies = true
private_endpoint_network_policies_enabled = true
private_link_service_network_policies_enabled = true

# Eventgrid CAN'T send messages over private endpoints, hence we need to allow service endpoints to the service bus
# We are using service endpoints + managed identity to send these messaages
Expand All @@ -29,8 +29,8 @@ resource "azurerm_subnet" "webapps" {
resource_group_name = var.ws_resource_group_name
address_prefixes = [local.webapps_subnet_address_prefix]
# notice that private endpoints do not adhere to NSG rules
enforce_private_link_endpoint_network_policies = true
enforce_private_link_service_network_policies = true
private_endpoint_network_policies_enabled = true
private_link_service_network_policies_enabled = true

delegation {
name = "delegation"
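Review bot: The attribute rename in both `azurerm_subnet` hunks of this file appears to invert the deployed setting rather than preserve it: on the deprecated `enforce_private_link_endpoint_network_policies` a value of `true` meant the subnet's private endpoint network policies were Disabled (which the comment above it, "private endpoints do not adhere to NSG rules", relies on), whereas on `private_endpoint_network_policies_enabled` a value of `true` Enables them, if I read the azurerm attribute documentation correctly; the same holds for the `private_link_service_*` pair. A behaviour-preserving migration would be `private_endpoint_network_policies_enabled = false` and `private_link_service_network_policies_enabled = false` in both the `services` and `webapps` subnets, and `terraform plan` on an existing workspace should then show no change on the subnets, which is a quick way to confirm. If enabling the policies so that the NSG now applies to private endpoint traffic is actually intended, the comment should say so and the resulting plan should be reviewed for which flows the NSG would newly block. Both resource bodies continue outside the hunks.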
