Merge pull request #61 from microsoft/feature/5484-workspace-template

Add a base workspace template with peering
microsoft · May 12, 2021 · f2b5408 · f2b5408
2 parents 2774b0a + 73696d2
commit f2b5408
Show file tree

Hide file tree

Showing 13 changed files with 167 additions and 7 deletions.
diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf
@@ -16,8 +16,10 @@ resource "azurerm_resource_group" "core" {
   location  = var.location
   name      = "rg-${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
   tags      = {
-              environment   = "Azure Trusted Research Environment"
-              Source        = "https://github.com/microsoft/AzureTRE/"
+              project       = "Azure Trusted Research Environment"
+              environment   = var.environment
+              core_id       = "${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+              source        = "https://github.com/microsoft/AzureTRE/"
   }
 }
 

diff --git a/templates/core/terraform/network/network.tf b/templates/core/terraform/network/network.tf
@@ -49,5 +49,6 @@ resource "azurerm_subnet" "shared" {
   virtual_network_name                           = azurerm_virtual_network.core.name
   resource_group_name                            = var.resource_group_name
   address_prefixes                               = [local.shared_services_subnet_address_prefix]
+  # notice that private endpoints do not adhere to NSG rules
   enforce_private_link_endpoint_network_policies = true
 }
diff --git a/templates/core/terraform/outputs.tf b/templates/core/terraform/outputs.tf
@@ -1,3 +1,7 @@
+output "core_id" {
+  value = "${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+}
+
 output "core_resource_group_name" {
   value = azurerm_resource_group.core.name
 }

diff --git a/templates/core/terraform/variables.tf b/templates/core/terraform/variables.tf
@@ -13,11 +13,6 @@ variable "location" {
   description = "Azure region for deployment of core TRE services"
 }
 
-variable "tre_dns_suffix" {
-  type        = string
-  description = "DNS suffix for the environment. E.g. .dre.myorg.com or .drelocal - must have >= 2 labels such as x.drelocal"
-}
-
 variable "address_space" {
   type        = string
   description = "Core services VNET Address Space"

diff --git a/templates/workspaces/base_workspace/terraform/.terraform.lock.hcl b/templates/workspaces/base_workspace/terraform/.terraform.lock.hcl
diff --git a/templates/workspaces/base_workspace/terraform/locals.tf b/templates/workspaces/base_workspace/terraform/locals.tf
@@ -0,0 +1,14 @@
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+# Random unique id
+resource "random_string" "unique_id" {
+  length      = 4
+  min_numeric = 4
+}
+
+locals {
+  core_vnet                 = "vnet-${var.core_id}"
+  core_resource_group_name  = "rg-${var.core_id}"
+}
diff --git a/templates/workspaces/base_workspace/terraform/main.tf b/templates/workspaces/base_workspace/terraform/main.tf
@@ -0,0 +1,34 @@
+# Azure Provider source and version being used
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "=2.46.0"
+    }
+  }
+}
+
+provider "azurerm" {
+    features {}
+}
+
+resource "azurerm_resource_group" "ws" {
+  location  = var.location
+  name      = "rg-${var.core_id}-ws-${var.ws_id}"
+  tags      = {
+              project       = "Azure Trusted Research Environment"
+              core_id       = var.core_id
+              source        = "https://github.com/microsoft/AzureTRE/"
+  }
+}
+
+module "network" {
+  source                = "./network"
+  ws_id                 = var.ws_id
+  core_id               = var.core_id
+  location              = var.location
+  resource_group_name   = azurerm_resource_group.ws.name
+  address_space         = var.address_space
+  core_vnet             = local.core_vnet
+  core_resource_group_name = local.core_resource_group_name
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/locals.tf b/templates/workspaces/base_workspace/terraform/network/locals.tf
@@ -0,0 +1,4 @@
+locals {
+  ws_services_vnet_subnets            = cidrsubnets(var.address_space, 4)
+  services_subnet_address_prefix      = local.ws_services_vnet_subnets[0]
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/network.tf b/templates/workspaces/base_workspace/terraform/network/network.tf
@@ -0,0 +1,35 @@
+resource "azurerm_virtual_network" "ws" {
+  name                = "vnet-${var.core_id}-ws-${var.ws_id}"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  address_space       = [var.address_space]
+}
+
+
+resource "azurerm_subnet" "services" {
+  name                                           = "ServicesSubnet"
+  virtual_network_name                           = azurerm_virtual_network.ws.name
+  resource_group_name                            = var.resource_group_name
+  address_prefixes                               = [local.services_subnet_address_prefix]
+  # notice that private endpoints do not adhere to NSG rules
+  enforce_private_link_endpoint_network_policies = true
+}
+
+data "azurerm_virtual_network" "core" {
+  name                = var.core_vnet
+  resource_group_name = var.core_resource_group_name
+}
+
+resource "azurerm_virtual_network_peering" "ws-core-peer" {
+  name                      = "ws-core-peer-${var.core_id}-ws-${var.ws_id}"
+  resource_group_name       = var.resource_group_name
+  virtual_network_name      = azurerm_virtual_network.ws.name
+  remote_virtual_network_id = data.azurerm_virtual_network.core.id
+}
+
+resource "azurerm_virtual_network_peering" "core-ws-peer" {
+  name                      = "core-ws-peer-${var.core_id}-ws-${var.ws_id}"
+  resource_group_name       = var.core_resource_group_name
+  virtual_network_name      = var.core_vnet
+  remote_virtual_network_id = azurerm_virtual_network.ws.id
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/variables.tf b/templates/workspaces/base_workspace/terraform/network/variables.tf
@@ -0,0 +1,7 @@
+variable "ws_id" {}
+variable "core_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "address_space" {}
+variable "core_vnet" {}
+variable "core_resource_group_name" {}
diff --git a/templates/workspaces/base_workspace/terraform/outputs.tf b/templates/workspaces/base_workspace/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "ws_resource_group_name" {
+  value = azurerm_resource_group.ws.name
+}
diff --git a/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl b/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
@@ -0,0 +1,4 @@
+location                = "westeurope"
+core_id                 = "tre-dev-9020"
+ws_id                   = "001"
+address_space           = "10.2.1.0/24"
diff --git a/templates/workspaces/base_workspace/terraform/variables.tf b/templates/workspaces/base_workspace/terraform/variables.tf
@@ -0,0 +1,19 @@
+variable "location" {
+  type        = string
+  description = "Azure region for deployment of core TRE services"
+}
+
+variable "core_id" {
+  type        = string
+  description = "ID of the TRE Core (e.g. tre-dev-1111)"
+}
+
+variable "ws_id" {
+  type        = string
+  description = "Workspace ID (sequential)"
+}
+
+variable "address_space" {
+  type        = string
+  description = "Workspace services VNET Address Space"
+}