From c469d7561ce6a183696c30648ecc74e1f48ad655 Mon Sep 17 00:00:00 2001
From: Denis Cepun
Date: Mon, 10 May 2021 22:11:14 +0300
Subject: [PATCH 1/2] adds empty workspace template with peering

---
 templates/core/terraform/variables.tf | 5 ---
 .../terraform/.terraform.lock.hcl | 38 +++++++++++++++++++
 .../base_workspace/terraform/locals.tf | 13 +++++++
 .../base_workspace/terraform/main.tf | 34 +++++++++++++++++
 .../terraform/network/locals.tf | 4 ++
 .../terraform/network/network.tf | 34 +++++++++++++++++
 .../terraform/network/variables.tf | 8 ++++
 .../base_workspace/terraform/outputs.tf | 3 ++
 .../terraform/terraform.tfvars.tmpl | 6 +++
 .../base_workspace/terraform/variables.tf | 30 +++++++++++++++
 10 files changed, 170 insertions(+), 5 deletions(-)
 create mode 100644 templates/workspaces/base_workspace/terraform/.terraform.lock.hcl
 create mode 100644 templates/workspaces/base_workspace/terraform/locals.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/main.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/network/locals.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/network/network.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/network/variables.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/outputs.tf
 create mode 100644 templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
 create mode 100644 templates/workspaces/base_workspace/terraform/variables.tf

diff --git a/templates/core/terraform/variables.tf b/templates/core/terraform/variables.tf
index 2fd675188d..913ddec7ee 100644
--- a/templates/core/terraform/variables.tf
+++ b/templates/core/terraform/variables.tf
@@ -13,11 +13,6 @@ variable "location" {
 description = "Azure region for deployment of core TRE services"
 }
 
-variable "tre_dns_suffix" {
- type = string
- description = "DNS suffix for the environment. E.g. .dre.myorg.com or .drelocal - must have >= 2 labels such as x.drelocal"
-}
-
 variable "address_space" {
 type = string
 description = "Core services VNET Address Space"
diff --git a/templates/workspaces/base_workspace/terraform/.terraform.lock.hcl b/templates/workspaces/base_workspace/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000000..0b5b2e4693
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/.terraform.lock.hcl
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "2.46.0" + constraints = "2.46.0" + hashes = [ + "h1:lWovJczej2IP+aL24Fs4mz6brz7eoMxuqzxhEa2I/rc=", + "zh:049938dab6f78a642a7c4147f99f146dc25824c738d0b18d448c665880d105fa", + "zh:139de4a46bbfc18b5403fa2264878a056fd8593d860942233913e54233c7327d", + "zh:19ceb7fc964265cb7e7f708e32b72a00089ed0398ae1f0014b5832078bd5be79", + "zh:6bf0b5ed0313188af6347354d8fe693abc708199eb732c19d876ae9cbef202ab", + "zh:ab2bb2f60e3daba204d3d8d47905b4815921a1455197bbd7530d71c604720a14", + "zh:c08b5cd280cb73504ace949f086db8420a7aee054833c6761d406829c18c6a15", + "zh:d5eccbc19d62c57c69d15c7f84b9ea3d83d1b78856fe4bc52b31dda8f91480cf", + "zh:e2b29b094a1ce46356dcc3e13693c0c651afc2a47d213d68ed6973b9fb40bae7", + "zh:f353830b47cced07d20dac1f2158962002f644a0240d3aa21fd5ec5e9e42c119", + "zh:f36ff78ae9de95f4216bb420ee4365cee7d70e95fac608fb650ae5aed5c04c1d", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.1.0" + hashes = [ + "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=", + "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc", + "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626", + "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff", + "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2", + "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992", + "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427", + "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc", + "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f", + "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b", + "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7", + "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a", + ] +} 
diff --git a/templates/workspaces/base_workspace/terraform/locals.tf b/templates/workspaces/base_workspace/terraform/locals.tf
new file mode 100644
index 0000000000..4b1052c3cd
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/locals.tf
@@ -0,0 +1,13 @@
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+# Random unique id
+resource "random_string" "unique_id" {
+ length = 4
+ min_numeric = 4
+}
+
+locals {
+ tre_id = random_string.unique_id.result
+}
diff --git a/templates/workspaces/base_workspace/terraform/main.tf b/templates/workspaces/base_workspace/terraform/main.tf
new file mode 100644
index 0000000000..aa6062e254
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/main.tf
@@ -0,0 +1,34 @@
+# Azure Provider source and version being used
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "=2.46.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "ws" {
+ location = var.location
+ name = "rg-ws-${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+ tags = {
+ environment = "Azure Trusted Research Environment"
+ Source = "https://github.com/microsoft/AzureTRE/"
+ }
+}
+
+module "network" {
+ source = "./network"
+ resource_name_prefix = var.resource_name_prefix
+ environment = var.environment
+ tre_id = local.tre_id
+ location = var.location
+ resource_group_name = azurerm_resource_group.ws.name
+ address_space = var.address_space
+ core_vnet = var.core_vnet
+ core_resource_group_name = var.core_resource_group_name
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/locals.tf b/templates/workspaces/base_workspace/terraform/network/locals.tf
new file mode 100644
index 0000000000..22f4f1703b
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/network/locals.tf
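Review bot: `data "azurerm_subscription" "current"` and `data "azurerm_client_config" "current"` are declared in locals.tf but nothing in the new workspace files (main.tf, outputs.tf, the network module) reads them, so they are dead data sources in this template. Either drop them or state why they are kept, e.g. `# reserved for subscription/tenant-scoped resources added by later workspace templates`. `random_string.unique_id` has no `keepers` and its result lives only in state, so the id that ends up in the resource names is stable exactly as long as the state is; a comment next to `# Random unique id` saying that the value must not change after first apply would make that dependency visible.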
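Review bot: The `terraform` block pins azurerm to `=2.46.0` but sets no `required_version` and declares no `backend`, so a plain `terraform init` accepts any Terraform CLI and writes the workspace state, including every resource id, to local disk. If the backend is meant to be supplied at init time, as the core template may do (its main.tf header is not in this series), a comment here should say so, e.g. `# remote state backend is supplied at init time via -backend-config`. `provider "azurerm" { features {} }` also relies entirely on ambient credentials, and the network module creates a peering on the core VNet, which needs write permission there; naming the identity the workspace deployment is expected to run as would help whoever scopes that role.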
@@ -0,0 +1,4 @@
+locals {
+ ws_services_vnet_subnets = cidrsubnets(var.address_space, 4)
+ services_subnet_address_prefix = local.ws_services_vnet_subnets[0]
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/network.tf b/templates/workspaces/base_workspace/terraform/network/network.tf
new file mode 100644
index 0000000000..869249612d
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/network/network.tf
@@ -0,0 +1,34 @@
+resource "azurerm_virtual_network" "ws" {
+ name = "vnet-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ location = var.location
+ resource_group_name = var.resource_group_name
+ address_space = [var.address_space]
+}
+
+
+resource "azurerm_subnet" "services" {
+ name = "ServicesSubnet"
+ virtual_network_name = azurerm_virtual_network.ws.name
+ resource_group_name = var.resource_group_name
+ address_prefixes = [local.services_subnet_address_prefix]
+ enforce_private_link_endpoint_network_policies = true
+}
+
+data "azurerm_virtual_network" "core" {
+ name = var.core_vnet
+ resource_group_name = var.core_resource_group_name
+}
+
+resource "azurerm_virtual_network_peering" "ws-core-peer" {
+ name = "ws-core-peer-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ resource_group_name = var.resource_group_name
+ virtual_network_name = azurerm_virtual_network.ws.name
+ remote_virtual_network_id = data.azurerm_virtual_network.core.id
+}
+
+resource "azurerm_virtual_network_peering" "core-ws-peer" {
+ name = "core-ws-peer-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ resource_group_name = var.core_resource_group_name
+ virtual_network_name = var.core_vnet
+ remote_virtual_network_id = azurerm_virtual_network.ws.id
+}
diff --git a/templates/workspaces/base_workspace/terraform/network/variables.tf b/templates/workspaces/base_workspace/terraform/network/variables.tf
new file mode 100644
index 0000000000..7016f4dd7e
--- /dev/null
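Review bot: `cidrsubnets(var.address_space, 4)` carves one subnet four bits narrower than the workspace address space and only `[0]` is used, so with the `/24` given in terraform.tfvars.tmpl the services subnet is a `/28` (16 addresses, five of which Azure reserves) and the other fifteen sixteenths of the `/24` are allocated to the VNet but used by nothing in this module. If that is deliberate, say so: `# first /28 of the workspace space; the remainder is kept for subnets added by later workspace templates`; otherwise the newbits value should be revisited before workspaces start to fill up.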
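Review bot: Neither `azurerm_virtual_network_peering` resource sets `allow_virtual_network_access`, `allow_forwarded_traffic` or `allow_gateway_transit`, so what is allowed across the workspace/core boundary is whatever the provider defaults to rather than something a reader of this file can see; writing `allow_virtual_network_access = true`, `allow_forwarded_traffic = false` and `allow_gateway_transit = false` on both resources records the intended posture. `azurerm_subnet.services` has no network security group association either, so once the peering is up nothing in this module restricts traffic between the core VNet and the services subnet; if the NSG is expected from a later template, a comment on the subnet should say so. `core-ws-peer` is created in the core resource group on the core VNet, which means the identity applying a workspace needs write permission on core networking, a fact worth a comment next to the resource. The second hunk for this file in PATCH 2/2 only renames the peerings and changes none of this.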
+++ b/templates/workspaces/base_workspace/terraform/network/variables.tf
@@ -0,0 +1,8 @@
+variable "resource_name_prefix" {}
+variable "environment" {}
+variable "tre_id" {}
+variable "location" {}
+variable "resource_group_name" {}
+variable "address_space" {}
+variable "core_vnet" {}
+variable "core_resource_group_name" {}
diff --git a/templates/workspaces/base_workspace/terraform/outputs.tf b/templates/workspaces/base_workspace/terraform/outputs.tf
new file mode 100644
index 0000000000..8c7080fa77
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "ws_resource_group_name" {
+ value = azurerm_resource_group.ws.name
+}
diff --git a/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl b/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
new file mode 100644
index 0000000000..aab309cab7
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
@@ -0,0 +1,6 @@
+resource_name_prefix = "tre"
+environment = "dev"
+location = "westeurope"
+address_space = "10.1.1.0/24"
+core_vnet = "dc55trevnet"
+core_resource_group_name= "dc55trerg"
\ No newline at end of file
diff --git a/templates/workspaces/base_workspace/terraform/variables.tf b/templates/workspaces/base_workspace/terraform/variables.tf
new file mode 100644
index 0000000000..00a6899620
--- /dev/null
+++ b/templates/workspaces/base_workspace/terraform/variables.tf
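Review bot: All eight variables of the network module are declared as `variable "name" {}` with no `type` and no `description`, so a caller can pass a list or an object for `address_space` and the mistake only surfaces inside `cidrsubnets` or `azurerm_virtual_network` at plan time. Giving each one `type = string` and a one-line description, e.g. `variable "address_space" { type = string description = "Workspace VNET address space (CIDR)" }`, matches the root variables.tf in this same patch, which does declare types. The rename hunk for this file in PATCH 2/2 keeps the untyped form.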
@@ -0,0 +1,30 @@
+variable "resource_name_prefix" {
+ type = string
+ description = "Resource name prefix"
+}
+
+variable "environment" {
+ type = string
+ description = "The stage of the development lifecycle for the workload that the resource supports. Examples: prod, dev, qa, stage, test"
+}
+
+variable "location" {
+ type = string
+ description = "Azure region for deployment of core TRE services"
+}
+
+variable "core_vnet" {
+ type = string
+ description = "Core VNET"
+}
+
+variable "core_resource_group_name" {
+ type = string
+ description = "TRE Core Resource Group Name"
+}
+
+
+variable "address_space" {
+ type = string
+ description = "Workspace services VNET Address Space"
+}
From 73696d2d292a6fafab5bb12a7edf90c2aca159b1 Mon Sep 17 00:00:00 2001
From: Denis Cepun
Date: Wed, 12 May 2021 09:24:28 +0300
Subject: [PATCH 2/2] fixes based on the comments (resource naming)

---
 templates/core/terraform/main.tf | 6 ++++--
 templates/core/terraform/network/network.tf | 1 +
 templates/core/terraform/outputs.tf | 4 ++++
 .../base_workspace/terraform/locals.tf | 3 ++-
 .../base_workspace/terraform/main.tf | 16 ++++++++--------
 .../terraform/network/network.tf | 7 ++++---
 .../terraform/network/variables.tf | 5 ++---
 .../terraform/terraform.tfvars.tmpl | 8 +++-----
 .../base_workspace/terraform/variables.tf | 19 ++++---------------
 9 files changed, 32 insertions(+), 37 deletions(-)

diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf
index b050bfd165..4debb8e010 100644
--- a/templates/core/terraform/main.tf
+++ b/templates/core/terraform/main.tf
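Review bot: The description of `variable "location"` reads "Azure region for deployment of core TRE services", copied from the core variables.tf, although this file is the workspace template and nothing in it deploys core services; `description = "Azure region for deployment of the workspace"` says what the value is actually used for. The same line survives as context in the variables.tf hunk of PATCH 2/2, so the fix applies to the final file as well.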
@@ -16,8 +16,10 @@ resource "azurerm_resource_group" "core" {
 location = var.location
 name = "rg-${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
 tags = {
- environment = "Azure Trusted Research Environment"
- Source = "https://github.com/microsoft/AzureTRE/"
+ project = "Azure Trusted Research Environment"
+ environment = var.environment
+ core_id = "${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+ source = "https://github.com/microsoft/AzureTRE/"
 }
 }
 
diff --git a/templates/core/terraform/network/network.tf b/templates/core/terraform/network/network.tf
index 782a3af2f0..ce3015cf3c 100644
--- a/templates/core/terraform/network/network.tf
+++ b/templates/core/terraform/network/network.tf
@@ -49,5 +49,6 @@ resource "azurerm_subnet" "shared" {
 virtual_network_name = azurerm_virtual_network.core.name
 resource_group_name = var.resource_group_name
 address_prefixes = [local.shared_services_subnet_address_prefix]
+ # notice that private endpoints do not adhere to NSG rules
 enforce_private_link_endpoint_network_policies = true
 }
diff --git a/templates/core/terraform/outputs.tf b/templates/core/terraform/outputs.tf
index 06dc04c663..c115119961 100644
--- a/templates/core/terraform/outputs.tf
+++ b/templates/core/terraform/outputs.tf
@@ -1,3 +1,7 @@
+output "core_id" {
+ value = "${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+}
+
 output "core_resource_group_name" {
 value = azurerm_resource_group.core.name
 }
diff --git a/templates/workspaces/base_workspace/terraform/locals.tf b/templates/workspaces/base_workspace/terraform/locals.tf
index 4b1052c3cd..5a054c88b0 100644
--- a/templates/workspaces/base_workspace/terraform/locals.tf
+++ b/templates/workspaces/base_workspace/terraform/locals.tf
@@ -9,5 +9,6 @@ resource "random_string" "unique_id" {
 }
 
 locals {
- tre_id = random_string.unique_id.result
+ core_vnet = "vnet-${var.core_id}"
+ core_resource_group_name = "rg-${var.core_id}"
 }
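Review bot: The core id string `"${var.resource_name_prefix}-${var.environment}-${local.tre_id}"` is now spelled out three times: in the `core_id` tag added here, in the `core_id` output added in the outputs.tf hunk of this patch, and with an `rg-` prefix in the resource-group `name` two lines above; the workspace template derives its `vnet-`/`rg-` names from exactly this value, so the three copies drifting apart would silently break workspace peering. Define it once in the core locals, `core_id = "${var.resource_name_prefix}-${var.environment}-${local.tre_id}"`, and reference `local.core_id` from the name, the tag and the output. The core locals file is not part of this series.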
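Review bot: The added comment `# notice that private endpoints do not adhere to NSG rules` states the consequence but not the cause, which is the line directly below it: `enforce_private_link_endpoint_network_policies = true` turns network policies off for private endpoints in this subnet (the azurerm attribute name is inverted, true means policies disabled). Rewording it as `# enforce_private_link_endpoint_network_policies = true disables network policies for private endpoints in this subnet, so NSG rules are not applied to them` lets a reader connect the setting to the effect. The identical comment is added to the workspace services subnet in the network.tf hunk `@@ -11,6 +11,7 @@` of this patch and should be reworded the same way.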
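Review bot: With `tre_id` removed from `locals`, `random_string.unique_id` (its closing brace is the first context line of this hunk) is no longer referenced anywhere in the workspace template, yet the resource stays in locals.tf and the `hashicorp/random` provider stays in .terraform.lock.hcl, so every workspace deployment still creates and stores an unused random value. Drop the resource and its `# Random unique id` comment in this change, or comment why it is retained. The new `core_vnet = "vnet-${var.core_id}"` and `core_resource_group_name = "rg-${var.core_id}"` locals hard-code the core template's naming convention: the `rg-` form matches the core resource-group name in the core main.tf hunk above, but the core VNet name is not visible in this series, so a comment pointing at where that convention is defined would make the coupling explicit.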
diff --git a/templates/workspaces/base_workspace/terraform/main.tf b/templates/workspaces/base_workspace/terraform/main.tf
index aa6062e254..8e2b41cd21 100644
--- a/templates/workspaces/base_workspace/terraform/main.tf
+++ b/templates/workspaces/base_workspace/terraform/main.tf
@@ -14,21 +14,21 @@ provider "azurerm" {
 
 resource "azurerm_resource_group" "ws" {
 location = var.location
- name = "rg-ws-${var.resource_name_prefix}-${var.environment}-${local.tre_id}"
+ name = "rg-${var.core_id}-ws-${var.ws_id}"
 tags = {
- environment = "Azure Trusted Research Environment"
- Source = "https://github.com/microsoft/AzureTRE/"
+ project = "Azure Trusted Research Environment"
+ core_id = var.core_id
+ source = "https://github.com/microsoft/AzureTRE/"
 }
 }
 
 module "network" {
 source = "./network"
- resource_name_prefix = var.resource_name_prefix
- environment = var.environment
- tre_id = local.tre_id
+ ws_id = var.ws_id
+ core_id = var.core_id
 location = var.location
 resource_group_name = azurerm_resource_group.ws.name
 address_space = var.address_space
- core_vnet = var.core_vnet
- core_resource_group_name = var.core_resource_group_name
+ core_vnet = local.core_vnet
+ core_resource_group_name = local.core_resource_group_name
 }
diff --git a/templates/workspaces/base_workspace/terraform/network/network.tf b/templates/workspaces/base_workspace/terraform/network/network.tf
index 869249612d..b7f61fa853 100644
--- a/templates/workspaces/base_workspace/terraform/network/network.tf
+++ b/templates/workspaces/base_workspace/terraform/network/network.tf
@@ -1,5 +1,5 @@
 resource "azurerm_virtual_network" "ws" {
- name = "vnet-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ name = "vnet-${var.core_id}-ws-${var.ws_id}"
 location = var.location
 resource_group_name = var.resource_group_name
 address_space = [var.address_space]
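Review bot: The workspace resource group is tagged with `core_id` but not with its own `ws_id`, while the core resource group in the core main.tf hunk of this patch tags itself with both `environment` and `core_id`; the `environment` tag disappears here entirely because the `environment` variable was removed from the workspace template. Adding `ws_id = var.ws_id` to the `tags` map gives the workspace the same self-identifying tag the core has and keeps the two templates' tagging parallel for anyone filtering resources by tag. The new name `rg-${var.core_id}-ws-${var.ws_id}` also makes every workspace resource name depend on `ws_id` being a short, name-safe string, which nothing in variables.tf checks.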
@@ -11,6 +11,7 @@ resource "azurerm_subnet" "services" {
 virtual_network_name = azurerm_virtual_network.ws.name
 resource_group_name = var.resource_group_name
 address_prefixes = [local.services_subnet_address_prefix]
+ # notice that private endpoints do not adhere to NSG rules
 enforce_private_link_endpoint_network_policies = true
 }
 
@@ -20,14 +21,14 @@ data "azurerm_virtual_network" "core" {
 }
 
 resource "azurerm_virtual_network_peering" "ws-core-peer" {
- name = "ws-core-peer-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ name = "ws-core-peer-${var.core_id}-ws-${var.ws_id}"
 resource_group_name = var.resource_group_name
 virtual_network_name = azurerm_virtual_network.ws.name
 remote_virtual_network_id = data.azurerm_virtual_network.core.id
 }
 
 resource "azurerm_virtual_network_peering" "core-ws-peer" {
- name = "core-ws-peer-${var.resource_name_prefix}-${var.environment}-${var.tre_id}"
+ name = "core-ws-peer-${var.core_id}-ws-${var.ws_id}"
 resource_group_name = var.core_resource_group_name
 virtual_network_name = var.core_vnet
 remote_virtual_network_id = azurerm_virtual_network.ws.id
diff --git a/templates/workspaces/base_workspace/terraform/network/variables.tf b/templates/workspaces/base_workspace/terraform/network/variables.tf
index 7016f4dd7e..9e67bcfe14 100644
--- a/templates/workspaces/base_workspace/terraform/network/variables.tf
+++ b/templates/workspaces/base_workspace/terraform/network/variables.tf
@@ -1,6 +1,5 @@
-variable "resource_name_prefix" {}
-variable "environment" {}
-variable "tre_id" {}
+variable "ws_id" {}
+variable "core_id" {}
 variable "location" {}
 variable "resource_group_name" {}
 variable "address_space" {}
diff --git a/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl b/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
index aab309cab7..f89f2f600c 100644
--- a/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
+++ b/templates/workspaces/base_workspace/terraform/terraform.tfvars.tmpl
@@ -1,6 +1,4 @@
-resource_name_prefix = "tre"
-environment = "dev"
 location = "westeurope"
-address_space = "10.1.1.0/24"
-core_vnet = "dc55trevnet"
-core_resource_group_name= "dc55trerg"
\ No newline at end of file
+core_id = "tre-dev-9020"
+ws_id = "001"
+address_space = "10.2.1.0/24"
\ No newline at end of file
diff --git a/templates/workspaces/base_workspace/terraform/variables.tf b/templates/workspaces/base_workspace/terraform/variables.tf
index 00a6899620..ac2976d240 100644
--- a/templates/workspaces/base_workspace/terraform/variables.tf
+++ b/templates/workspaces/base_workspace/terraform/variables.tf
@@ -1,29 +1,18 @@
-variable "resource_name_prefix" {
- type = string
- description = "Resource name prefix"
-}
-
-variable "environment" {
- type = string
- description = "The stage of the development lifecycle for the workload that the resource supports. Examples: prod, dev, qa, stage, test"
-}
-
 variable "location" {
 type = string
 description = "Azure region for deployment of core TRE services"
 }
 
-variable "core_vnet" {
+variable "core_id" {
 type = string
- description = "Core VNET"
+ description = "ID of the TRE Core (e.g. tre-dev-1111)"
 }
 
-variable "core_resource_group_name" {
+variable "ws_id" {
 type = string
- description = "TRE Core Resource Group Name"
+ description = "Workspace ID (sequential)"
 }
 
-
 variable "address_space" {
 type = string
 description = "Workspace services VNET Address Space"
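Review bot: `ws_id` is described as "Workspace ID (sequential)" and is interpolated into every Azure resource name in this template (the resource group, the VNet and both peering names), yet the variable carries no `validation` block, so a value containing spaces or characters Azure rejects in network names only fails at apply time, after the resource group may already have been created. A validation block with `condition = can(regex("^[a-zA-Z0-9]+$", var.ws_id))` and an error message naming the allowed form pins that contract at plan time; this assumes the Terraform CLI in use supports variable validation, which the template does not constrain with `required_version`. The `location` description kept as context still says "Azure region for deployment of core TRE services" in what is now the workspace template.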