Revert "Convert data inputs into variable inputs for modules in Terra…

…form (microsoft#1154)" This reverts commit c3e2cb7.
tanya-borisova · Jan 31, 2022 · a5c600c · a5c600c
1 parent 4f614c0
commit a5c600c
Show file tree

Hide file tree

Showing 13 changed files with 106 additions and 157 deletions.
diff --git a/templates/core/terraform/api-webapp/output.tf b/templates/core/terraform/api-webapp/output.tf
@@ -1,7 +1,3 @@
 output "api_fqdn" {
   value = azurerm_app_service.api.default_site_hostname
 }
-
-output "core_app_service_plan_id" {
-  value = azurerm_app_service_plan.core.id
-}
diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf
@@ -204,53 +204,3 @@ module "jumpbox" {
     module.keyvault
   ]
 }
-
-module "gitea" {
-  count                                         = var.deploy_gitea == true ? 1 : 0
-  source                                        = "../../shared_services/gitea/terraform"
-  tre_id                                        = var.tre_id
-  location                                      = var.location
-  docker_registry_server                        = data.azurerm_container_registry.mgmt_acr.login_server
-  acr_id                                        = data.azurerm_container_registry.mgmt_acr.id
-  keyvault_id                                   = module.keyvault.keyvault_id
-  storage_account_name                          = module.storage.storage_account_name
-  storage_account_primary_access_key            = module.storage.storage_account_access_key
-  shared_subnet_id                              = module.network.shared_subnet_id
-  web_app_subnet_id                             = module.network.web_app_subnet_id
-  private_dns_zone_azurewebsites_id             = module.network.private_dns_zone_azurewebsites_id
-  private_dns_zone_mysql_id                     = module.network.private_dns_zone_mysql_id
-  log_analytics_workspace_id                    = module.azure_monitor.log_analytics_workspace_id
-  core_app_service_plan_id                      = module.api-webapp.core_app_service_plan_id
-  core_application_insights_instrumentation_key = module.azure_monitor.app_insights_instrumentation_key
-  web_app_subnet_address_prefixes               = module.network.web_app_subnet_address_prefixes
-
-  depends_on = [
-    module.network,
-    module.api-webapp, # it would have been better to depend on the plan itself and not the whole module
-    module.keyvault,
-    module.storage
-  ]
-}
-
-module "nexus" {
-  count                                         = var.deploy_nexus == true ? 1 : 0
-  source                                        = "../../shared_services/sonatype-nexus/terraform"
-  tre_id                                        = var.tre_id
-  location                                      = var.location
-  storage_account_name                          = module.storage.storage_account_name
-  storage_account_primary_access_key            = module.storage.storage_account_access_key
-  shared_subnet_id                              = module.network.shared_subnet_id
-  web_app_subnet_id                             = module.network.web_app_subnet_id
-  private_dns_zone_azurewebsites_id             = module.network.private_dns_zone_azurewebsites_id
-  log_analytics_workspace_id                    = module.azure_monitor.log_analytics_workspace_id
-  core_app_service_plan_id                      = module.api-webapp.core_app_service_plan_id
-  core_application_insights_instrumentation_key = module.azure_monitor.app_insights_instrumentation_key
-  web_app_subnet_address_prefixes               = module.network.web_app_subnet_address_prefixes
-
-  depends_on = [
-    module.network,
-    module.api-webapp, # it would have been better to depend on the plan itself and not the whole module
-    module.keyvault,
-    module.storage
-  ]
-}
diff --git a/templates/core/terraform/network/output.tf b/templates/core/terraform/network/output.tf
@@ -10,34 +10,18 @@ output "azure_firewall_subnet_id" {
   value = azurerm_subnet.azure_firewall.id
 }
 
-output "azure_firewall_subnet_address_prefixes" {
-  value = azurerm_subnet.azure_firewall.address_prefixes
-}
-
 output "app_gw_subnet_id" {
   value = azurerm_subnet.app_gw.id
 }
 
-output "app_gw_subnet_address_prefixes" {
-  value = azurerm_subnet.app_gw.address_prefixes
-}
-
 output "web_app_subnet_id" {
   value = azurerm_subnet.web_app.id
 }
 
-output "web_app_subnet_address_prefixes" {
-  value = azurerm_subnet.web_app.address_prefixes
-}
-
 output "shared_subnet_id" {
   value = azurerm_subnet.shared.id
 }
 
-output "shared_subnet_address_prefixes" {
-  value = azurerm_subnet.shared.address_prefixes
-}
-
 output "private_dns_zone_azurewebsites_id" {
   value = azurerm_private_dns_zone.azurewebsites.id
 }
@@ -50,10 +34,6 @@ output "resource_processor_subnet_id" {
   value = azurerm_subnet.resource_processor.id
 }
 
-output "resource_processor_subnet_address_prefixes" {
-  value = azurerm_subnet.resource_processor.address_prefixes
-}
-
 output "azure_monitor_dns_zone_id" {
   value = azurerm_private_dns_zone.azure_monitor.id
 }

diff --git a/templates/shared_services/firewall/terraform/data.tf b/templates/shared_services/firewall/terraform/data.tf
@@ -2,31 +2,26 @@ data "azurerm_subnet" "firewall" {
   name                 = "AzureFirewallSubnet"
   virtual_network_name = "vnet-${var.tre_id}"
 
-  resource_group_name = local.core_resource_group_name
+  resource_group_name = var.resource_group_name
 }
 
 data "azurerm_subnet" "shared" {
   name                 = "SharedSubnet"
   virtual_network_name = "vnet-${var.tre_id}"
 
-  resource_group_name = local.core_resource_group_name
+  resource_group_name = var.resource_group_name
 }
 
 data "azurerm_subnet" "resource_processor" {
   name                 = "ResourceProcessorSubnet"
   virtual_network_name = "vnet-${var.tre_id}"
 
-  resource_group_name = local.core_resource_group_name
+  resource_group_name = var.resource_group_name
 }
 
 data "azurerm_subnet" "web_app" {
   name                 = "WebAppSubnet"
   virtual_network_name = "vnet-${var.tre_id}"
 
-  resource_group_name = local.core_resource_group_name
-}
-
-data "azurerm_log_analytics_workspace" "tre" {
-  name                = "log-${var.tre_id}"
-  resource_group_name = local.core_resource_group_name
+  resource_group_name = var.resource_group_name
 }
diff --git a/templates/shared_services/firewall/terraform/firewall.tf b/templates/shared_services/firewall/terraform/firewall.tf
@@ -282,4 +282,8 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet" {
     ]
     source_addresses = data.azurerm_subnet.web_app.address_prefixes
   }
+
+  depends_on = [
+    azurerm_firewall_network_rule_collection.web_app_subnet
+  ]
 }
diff --git a/templates/shared_services/gitea/terraform/data.tf b/templates/shared_services/gitea/terraform/data.tf
@@ -1,3 +1,44 @@
+data "azurerm_log_analytics_workspace" "tre" {
+  name                = "log-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_app_service_plan" "core" {
+  name                = "plan-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_application_insights" "core" {
+  name                = "appi-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_virtual_network" "core" {
+  name                = local.core_vnet
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_subnet" "web_app" {
+  resource_group_name  = local.core_resource_group_name
+  virtual_network_name = local.core_vnet
+  name                 = "WebAppSubnet"
+}
+
+data "azurerm_firewall" "fw" {
+  name                = "fw-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_private_dns_zone" "mysql" {
+  name                = "privatelink.mysql.database.azure.com"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_storage_account" "gitea" {
+  name                = var.storage_account_name
+  resource_group_name = local.core_resource_group_name
+}
+
 data "local_file" "version" {
   filename = "${path.module}/../version.txt"
 }
diff --git a/templates/shared_services/gitea/terraform/firewall.tf b/templates/shared_services/gitea/terraform/firewall.tf
@@ -1,7 +1,7 @@
 resource "azurerm_firewall_application_rule_collection" "web_app_subnet_gitea" {
   name                = "arc-web_app_subnet_gitea"
-  azure_firewall_name = local.firewall_name
-  resource_group_name = local.core_resource_group_name
+  azure_firewall_name = data.azurerm_firewall.fw.name
+  resource_group_name = data.azurerm_firewall.fw.resource_group_name
   priority            = 103
   action              = "Allow"
 
@@ -17,6 +17,8 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_gitea" {
     }
 
     target_fqdns     = local.gitea_allowed_fqdns_list
-    source_addresses = var.web_app_subnet_address_prefixes
+    source_addresses = data.azurerm_subnet.web_app.address_prefixes
+
   }
 }
+
diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf
@@ -20,11 +20,11 @@ resource "azurerm_app_service" "gitea" {
   name                = local.webapp_name
   resource_group_name = local.core_resource_group_name
   location            = var.location
-  app_service_plan_id = var.core_app_service_plan_id
+  app_service_plan_id = data.azurerm_app_service_plan.core.id
   https_only          = true
 
   app_settings = {
-    APPINSIGHTS_INSTRUMENTATIONKEY      = var.core_application_insights_instrumentation_key
+    APPINSIGHTS_INSTRUMENTATIONKEY      = data.azurerm_application_insights.core.instrumentation_key
     WEBSITES_PORT                       = "3000"
     WEBSITES_ENABLE_APP_SERVICE_STORAGE = false
 
@@ -86,9 +86,9 @@ resource "azurerm_app_service" "gitea" {
   storage_account {
     name         = "gitea-data"
     type         = "AzureFiles"
-    account_name = var.storage_account_name
+    account_name = data.azurerm_storage_account.gitea.name
 
-    access_key = var.storage_account_primary_access_key
+    access_key = data.azurerm_storage_account.gitea.primary_access_key
     share_name = azurerm_storage_share.gitea.name
 
     mount_path = "/data"
@@ -135,13 +135,13 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" {
 
 resource "azurerm_app_service_virtual_network_swift_connection" "gitea-integrated-vnet" {
   app_service_id = azurerm_app_service.gitea.id
-  subnet_id      = var.web_app_subnet_id
+  subnet_id      = data.azurerm_subnet.web_app.id
 }
 
 resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" {
   name                       = "diag-${var.tre_id}"
   target_resource_id         = azurerm_app_service.gitea.id
-  log_analytics_workspace_id = var.log_analytics_workspace_id
+  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id
 
   log {
     category = "AppServiceHTTPLogs"
@@ -253,7 +253,7 @@ resource "azurerm_key_vault_secret" "gitea_password" {
 
 resource "azurerm_storage_share" "gitea" {
   name                 = "gitea-data"
-  storage_account_name = var.storage_account_name
+  storage_account_name = data.azurerm_storage_account.gitea.name
   quota                = var.gitea_storage_limit
 }
 

diff --git a/templates/shared_services/gitea/terraform/variables.tf b/templates/shared_services/gitea/terraform/variables.tf
@@ -26,26 +26,11 @@ variable "storage_account_name" {
   description = "The name of the storage account to use"
 }
 
-variable "storage_account_primary_access_key" {
-  type        = string
-  description = "The Primary Access Key for the storage account"
-}
-
 variable "shared_subnet_id" {
   type        = string
   description = "The ID of the shared subnet in which to create a private endpoint"
 }
 
-variable "web_app_subnet_id" {
-  type        = string
-  description = "The ID of the Web App subnet to connect to"
-}
-
-variable "web_app_subnet_address_prefixes" {
-  type        = list(string)
-  description = "List of address prefixes for the Web App subnet"
-}
-
 variable "private_dns_zone_azurewebsites_id" {
   type        = string
   description = "The ID of the private DNS zone to use for the private endpoint"
@@ -62,21 +47,6 @@ variable "gitea_storage_limit" {
   default     = 1024
 }
 
-variable "log_analytics_workspace_id" {
-  type        = string
-  description = "ID of the Log Analytics workspace for TRE"
-}
-
-variable "core_app_service_plan_id" {
-  type        = string
-  description = "Name of the App Service plan"
-}
-
-variable "core_application_insights_instrumentation_key" {
-  type        = string
-  description = "Instrumentation key for the Core Application Insights"
-}
-
 variable "gitea_allowed_fqdns" {
   type        = string
   description = "comma seperated string of allowed FQDNs for Gitea"

diff --git a/templates/shared_services/sonatype-nexus/terraform/data.tf b/templates/shared_services/sonatype-nexus/terraform/data.tf
@@ -0,0 +1,35 @@
+data "azurerm_log_analytics_workspace" "tre" {
+  name                = "log-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_app_service_plan" "core" {
+  name                = "plan-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_application_insights" "core" {
+  name                = "appi-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_virtual_network" "core" {
+  name                = local.core_vnet
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_storage_account" "nexus" {
+  name                = var.storage_account_name
+  resource_group_name = local.core_resource_group_name
+}
+
+data "azurerm_subnet" "web_app" {
+  name                 = "WebAppSubnet"
+  virtual_network_name = "vnet-${var.tre_id}"
+  resource_group_name  = local.core_resource_group_name
+}
+
+data "azurerm_firewall" "fw" {
+  name                = "fw-${var.tre_id}"
+  resource_group_name = local.core_resource_group_name
+}
diff --git a/templates/shared_services/sonatype-nexus/terraform/firewall.tf b/templates/shared_services/sonatype-nexus/terraform/firewall.tf
@@ -1,7 +1,7 @@
 resource "azurerm_firewall_application_rule_collection" "web_app_subnet_nexus" {
   name                = "arc-web_app_subnet_nexus"
-  azure_firewall_name = local.firewall_name
-  resource_group_name = local.core_resource_group_name
+  azure_firewall_name = data.azurerm_firewall.fw.name
+  resource_group_name = data.azurerm_firewall.fw.resource_group_name
   priority            = 104
   action              = "Allow"
 
@@ -17,6 +17,7 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_nexus" {
     }
 
     target_fqdns     = local.nexus_allowed_fqdns_list
-    source_addresses = var.web_app_subnet_address_prefixes
+    source_addresses = data.azurerm_subnet.web_app.address_prefixes
+
   }
 }