diff --git a/templates/core/terraform/api-webapp/output.tf b/templates/core/terraform/api-webapp/output.tf index b459b73814..2630b680e8 100644 --- a/templates/core/terraform/api-webapp/output.tf +++ b/templates/core/terraform/api-webapp/output.tf @@ -1,7 +1,3 @@ output "api_fqdn" { value = azurerm_app_service.api.default_site_hostname } - -output "core_app_service_plan_id" { - value = azurerm_app_service_plan.core.id -} diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf index 3773ecf447..a66a23eb68 100644 --- a/templates/core/terraform/main.tf +++ b/templates/core/terraform/main.tf 
@@ -204,53 +204,3 @@ module "jumpbox" { module.keyvault ] } - -module "gitea" { - count = var.deploy_gitea == true ? 1 : 0 - source = "../../shared_services/gitea/terraform" - tre_id = var.tre_id - location = var.location - docker_registry_server = data.azurerm_container_registry.mgmt_acr.login_server - acr_id = data.azurerm_container_registry.mgmt_acr.id - keyvault_id = module.keyvault.keyvault_id - storage_account_name = module.storage.storage_account_name - storage_account_primary_access_key = module.storage.storage_account_access_key - shared_subnet_id = module.network.shared_subnet_id - web_app_subnet_id = module.network.web_app_subnet_id - private_dns_zone_azurewebsites_id = module.network.private_dns_zone_azurewebsites_id - private_dns_zone_mysql_id = module.network.private_dns_zone_mysql_id - log_analytics_workspace_id = module.azure_monitor.log_analytics_workspace_id - core_app_service_plan_id = module.api-webapp.core_app_service_plan_id - core_application_insights_instrumentation_key = module.azure_monitor.app_insights_instrumentation_key - web_app_subnet_address_prefixes = module.network.web_app_subnet_address_prefixes - - depends_on = [ - module.network, - module.api-webapp, # it would have been better to depend on the plan itself and not the whole module - module.keyvault, - module.storage - ] -} - -module "nexus" { - count = var.deploy_nexus == true ? 
1 : 0 - source = "../../shared_services/sonatype-nexus/terraform" - tre_id = var.tre_id - location = var.location - storage_account_name = module.storage.storage_account_name - storage_account_primary_access_key = module.storage.storage_account_access_key - shared_subnet_id = module.network.shared_subnet_id - web_app_subnet_id = module.network.web_app_subnet_id - private_dns_zone_azurewebsites_id = module.network.private_dns_zone_azurewebsites_id - log_analytics_workspace_id = module.azure_monitor.log_analytics_workspace_id - core_app_service_plan_id = module.api-webapp.core_app_service_plan_id - core_application_insights_instrumentation_key = module.azure_monitor.app_insights_instrumentation_key - web_app_subnet_address_prefixes = module.network.web_app_subnet_address_prefixes - - depends_on = [ - module.network, - module.api-webapp, # it would have been better to depend on the plan itself and not the whole module - module.keyvault, - module.storage - ] -} diff --git a/templates/core/terraform/network/output.tf b/templates/core/terraform/network/output.tf index aa9217555c..2616b925eb 100644 --- a/templates/core/terraform/network/output.tf +++ b/templates/core/terraform/network/output.tf @@ -10,34 +10,18 @@ output "azure_firewall_subnet_id" { value = azurerm_subnet.azure_firewall.id } -output "azure_firewall_subnet_address_prefixes" { - value = azurerm_subnet.azure_firewall.address_prefixes -} - output "app_gw_subnet_id" { value = azurerm_subnet.app_gw.id } -output "app_gw_subnet_address_prefixes" { - value = azurerm_subnet.app_gw.address_prefixes -} - output "web_app_subnet_id" { value = azurerm_subnet.web_app.id } -output "web_app_subnet_address_prefixes" { - value = azurerm_subnet.web_app.address_prefixes -} - output "shared_subnet_id" { value = azurerm_subnet.shared.id } -output "shared_subnet_address_prefixes" { - value = azurerm_subnet.shared.address_prefixes -} - output "private_dns_zone_azurewebsites_id" { value = azurerm_private_dns_zone.azurewebsites.id } 
@@ -50,10 +34,6 @@ output "resource_processor_subnet_id" { value = azurerm_subnet.resource_processor.id } -output "resource_processor_subnet_address_prefixes" { - value = azurerm_subnet.resource_processor.address_prefixes -} - output "azure_monitor_dns_zone_id" { value = azurerm_private_dns_zone.azure_monitor.id } diff --git a/templates/shared_services/firewall/terraform/data.tf b/templates/shared_services/firewall/terraform/data.tf index 82548f78ab..9b7db08d80 100644 --- a/templates/shared_services/firewall/terraform/data.tf +++ b/templates/shared_services/firewall/terraform/data.tf @@ -2,31 +2,26 @@ data "azurerm_subnet" "firewall" { name = "AzureFirewallSubnet" virtual_network_name = "vnet-${var.tre_id}" - resource_group_name = local.core_resource_group_name + resource_group_name = var.resource_group_name } data "azurerm_subnet" "shared" { name = "SharedSubnet" virtual_network_name = "vnet-${var.tre_id}" - resource_group_name = local.core_resource_group_name + resource_group_name = var.resource_group_name } data "azurerm_subnet" "resource_processor" { name = "ResourceProcessorSubnet" virtual_network_name = "vnet-${var.tre_id}" - resource_group_name = local.core_resource_group_name + resource_group_name = var.resource_group_name } data "azurerm_subnet" "web_app" { name = "WebAppSubnet" virtual_network_name = "vnet-${var.tre_id}" - resource_group_name = local.core_resource_group_name -} - -data "azurerm_log_analytics_workspace" "tre" { - name = "log-${var.tre_id}" - resource_group_name = local.core_resource_group_name + resource_group_name = var.resource_group_name } diff --git a/templates/shared_services/firewall/terraform/firewall.tf b/templates/shared_services/firewall/terraform/firewall.tf index e446605696..7679062384 100644 --- a/templates/shared_services/firewall/terraform/firewall.tf +++ b/templates/shared_services/firewall/terraform/firewall.tf 
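Review bot: The four subnet data sources now read `var.resource_group_name`, but no declaration of that variable appears anywhere in this commit, so the firewall module only plans if its `variables.tf` already defines it; if it is new, it should carry a `description` and a `validation` block rejecting an empty string so a misconfigured caller fails at plan time rather than resolving the wrong subnets. The removed `data.azurerm_log_analytics_workspace.tre` likewise must have no remaining references elsewhere in the firewall module, which this diff cannot show. Both are worth a `terraform validate` on the module before merging.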
@@ -282,4 +282,8 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet" { ] source_addresses = data.azurerm_subnet.web_app.address_prefixes } + + depends_on = [ + azurerm_firewall_network_rule_collection.web_app_subnet + ] } diff --git a/templates/shared_services/gitea/terraform/data.tf b/templates/shared_services/gitea/terraform/data.tf index bad497fde7..fb48a0abc6 100644 --- a/templates/shared_services/gitea/terraform/data.tf +++ b/templates/shared_services/gitea/terraform/data.tf @@ -1,3 +1,44 @@ +data "azurerm_log_analytics_workspace" "tre" { + name = "log-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_app_service_plan" "core" { + name = "plan-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_application_insights" "core" { + name = "appi-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_virtual_network" "core" { + name = local.core_vnet + resource_group_name = local.core_resource_group_name +} + +data "azurerm_subnet" "web_app" { + resource_group_name = local.core_resource_group_name + virtual_network_name = local.core_vnet + name = "WebAppSubnet" +} + +data "azurerm_firewall" "fw" { + name = "fw-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "mysql" { + name = "privatelink.mysql.database.azure.com" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_storage_account" "gitea" { + name = var.storage_account_name + resource_group_name = local.core_resource_group_name +} + data "local_file" "version" { filename = "${path.module}/../version.txt" } diff --git a/templates/shared_services/gitea/terraform/firewall.tf b/templates/shared_services/gitea/terraform/firewall.tf index b8580f30be..bca88b7ec6 100644 --- a/templates/shared_services/gitea/terraform/firewall.tf +++ b/templates/shared_services/gitea/terraform/firewall.tf 
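Review bot: The new `depends_on` on `azurerm_firewall_network_rule_collection.web_app_subnet` carries no comment saying why the application rule collection has to wait for a sibling collection, and a bare `depends_on` like this reads as accidental to the next maintainer. If the intent is to serialize writes to the same firewall, which I am inferring rather than reading from the hunk, say so above the block: `# Serialize with the network rule collection: concurrent rule-collection updates to the same firewall fail`. The enclosing resource starts before this hunk.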
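Review bot: `data.azurerm_storage_account.gitea` exposes `primary_access_key`, which the provider, as far as I know, obtains with a key-list call at plan time, so the identity running this module now needs that permission on the core storage account and the key ends up in the plan and state; the state exposure is unchanged from the previous module input (`module.storage.storage_account_access_key` in the removed `main.tf` block), but the permission requirement is new and deserves a comment on the data block such as `# Reads the account key at plan time; the deploying identity needs list-keys on this account`. `data.azurerm_virtual_network.core` is not referenced by any hunk in this commit, so either something outside the diff uses it or it should be dropped; if it stays, `data.azurerm_subnet.web_app` could take `virtual_network_name = data.azurerm_virtual_network.core.name` instead of `local.core_vnet` so there is one source for the VNet name. The new nexus `data.tf` has the same two issues, and its subnet lookup spells the VNet name as `"vnet-${var.tre_id}"` where the gitea one uses `local.core_vnet`, so the two shared services already disagree on where that name comes from.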
@@ -1,7 +1,7 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_gitea" { name = "arc-web_app_subnet_gitea" - azure_firewall_name = local.firewall_name - resource_group_name = local.core_resource_group_name + azure_firewall_name = data.azurerm_firewall.fw.name + resource_group_name = data.azurerm_firewall.fw.resource_group_name priority = 103 action = "Allow" @@ -17,6 +17,8 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_gitea" { } target_fqdns = local.gitea_allowed_fqdns_list - source_addresses = var.web_app_subnet_address_prefixes + source_addresses = data.azurerm_subnet.web_app.address_prefixes + } } + diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index 95a3b650c2..425418ce17 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -20,11 +20,11 @@ resource "azurerm_app_service" "gitea" { name = local.webapp_name resource_group_name = local.core_resource_group_name location = var.location - app_service_plan_id = var.core_app_service_plan_id + app_service_plan_id = data.azurerm_app_service_plan.core.id https_only = true app_settings = { - APPINSIGHTS_INSTRUMENTATIONKEY = var.core_application_insights_instrumentation_key + APPINSIGHTS_INSTRUMENTATIONKEY = data.azurerm_application_insights.core.instrumentation_key WEBSITES_PORT = "3000" WEBSITES_ENABLE_APP_SERVICE_STORAGE = false @@ -86,9 +86,9 @@ resource "azurerm_app_service" "gitea" { storage_account { name = "gitea-data" type = "AzureFiles" - account_name = var.storage_account_name + account_name = data.azurerm_storage_account.gitea.name - access_key = var.storage_account_primary_access_key + access_key = data.azurerm_storage_account.gitea.primary_access_key share_name = azurerm_storage_share.gitea.name mount_path = "/data" 
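Review bot: The second hunk adds a closing `}` after `source_addresses` on the new side, so at this point the new file has one more closing brace than the old; either the old file was short one (and would not have parsed) or the new one now has an extra, and nothing in the diff shows which, so run `terraform validate` on the module before merging. The trailing empty `+` line at end of file is something `terraform fmt` removes. The nexus `firewall.tf` hunk adds the same extra `}`.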
@@ -135,13 +135,13 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" { resource "azurerm_app_service_virtual_network_swift_connection" "gitea-integrated-vnet" { app_service_id = azurerm_app_service.gitea.id - subnet_id = var.web_app_subnet_id + subnet_id = data.azurerm_subnet.web_app.id } resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { name = "diag-${var.tre_id}" target_resource_id = azurerm_app_service.gitea.id - log_analytics_workspace_id = var.log_analytics_workspace_id + log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id log { category = "AppServiceHTTPLogs" @@ -253,7 +253,7 @@ resource "azurerm_key_vault_secret" "gitea_password" { resource "azurerm_storage_share" "gitea" { name = "gitea-data" - storage_account_name = var.storage_account_name + storage_account_name = data.azurerm_storage_account.gitea.name quota = var.gitea_storage_limit } diff --git a/templates/shared_services/gitea/terraform/variables.tf b/templates/shared_services/gitea/terraform/variables.tf index 1582d6544d..4f2993ab86 100644 --- a/templates/shared_services/gitea/terraform/variables.tf +++ b/templates/shared_services/gitea/terraform/variables.tf @@ -26,26 +26,11 @@ variable "storage_account_name" { description = "The name of the storage account to use" } -variable "storage_account_primary_access_key" { - type = string - description = "The Primary Access Key for the storage account" -} - variable "shared_subnet_id" { type = string description = "The ID of the shared subnet in which to create a private endpoint" } -variable "web_app_subnet_id" { - type = string - description = "The ID of the Web App subnet to connect to" -} - -variable "web_app_subnet_address_prefixes" { - type = list(string) - description = "List of address prefixes for the Web App subnet" -} - variable "private_dns_zone_azurewebsites_id" { type = string description = "The ID of the private DNS zone to use for the private endpoint" 
@@ -62,21 +47,6 @@ variable "gitea_storage_limit" { default = 1024 } -variable "log_analytics_workspace_id" { - type = string - description = "ID of the Log Analytics workspace for TRE" -} - -variable "core_app_service_plan_id" { - type = string - description = "Name of the App Service plan" -} - -variable "core_application_insights_instrumentation_key" { - type = string - description = "Instrumentation key for the Core Application Insights" -} - variable "gitea_allowed_fqdns" { type = string description = "comma seperated string of allowed FQDNs for Gitea" diff --git a/templates/shared_services/sonatype-nexus/terraform/data.tf b/templates/shared_services/sonatype-nexus/terraform/data.tf new file mode 100644 index 0000000000..9eed25b4c8 --- /dev/null +++ b/templates/shared_services/sonatype-nexus/terraform/data.tf @@ -0,0 +1,35 @@ +data "azurerm_log_analytics_workspace" "tre" { + name = "log-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_app_service_plan" "core" { + name = "plan-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_application_insights" "core" { + name = "appi-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_virtual_network" "core" { + name = local.core_vnet + resource_group_name = local.core_resource_group_name +} + +data "azurerm_storage_account" "nexus" { + name = var.storage_account_name + resource_group_name = local.core_resource_group_name +} + +data "azurerm_subnet" "web_app" { + name = "WebAppSubnet" + virtual_network_name = "vnet-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_firewall" "fw" { + name = "fw-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} diff --git a/templates/shared_services/sonatype-nexus/terraform/firewall.tf b/templates/shared_services/sonatype-nexus/terraform/firewall.tf index 7d562f35c9..5a5cfff160 100644 
--- a/templates/shared_services/sonatype-nexus/terraform/firewall.tf +++ b/templates/shared_services/sonatype-nexus/terraform/firewall.tf @@ -1,7 +1,7 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_nexus" { name = "arc-web_app_subnet_nexus" - azure_firewall_name = local.firewall_name - resource_group_name = local.core_resource_group_name + azure_firewall_name = data.azurerm_firewall.fw.name + resource_group_name = data.azurerm_firewall.fw.resource_group_name priority = 104 action = "Allow" @@ -17,6 +17,7 @@ resource "azurerm_firewall_application_rule_collection" "web_app_subnet_nexus" { } target_fqdns = local.nexus_allowed_fqdns_list - source_addresses = var.web_app_subnet_address_prefixes + source_addresses = data.azurerm_subnet.web_app.address_prefixes + } } diff --git a/templates/shared_services/sonatype-nexus/terraform/variables.tf b/templates/shared_services/sonatype-nexus/terraform/variables.tf index 02006e2e29..7d1c197c9f 100644 --- a/templates/shared_services/sonatype-nexus/terraform/variables.tf +++ b/templates/shared_services/sonatype-nexus/terraform/variables.tf @@ -13,11 +13,6 @@ variable "storage_account_name" { description = "The name of the storage account to use" } -variable "storage_account_primary_access_key" { - type = string - description = "The Primary Access Key for the storage account" -} - variable "nexus_storage_limit" { type = number description = "Space allocated in GB for the Nexus data in Azure Files Share" 
@@ -39,28 +34,8 @@ variable "private_dns_zone_azurewebsites_id" { description = "The ID of the private DNS zone to use for the private endpoint" } -variable "log_analytics_workspace_id" { - type = string - description = "ID of the Log Analytics workspace for TRE" -} - -variable "core_app_service_plan_id" { - type = string - description = "Name of the App Service plan" -} - -variable "core_application_insights_instrumentation_key" { - type = string - description = "Instrumentation key for the Core Application Insights" -} - variable "nexus_allowed_fqdns" { type = string description = "comma seperated string of allowed FQDNs for Nexus" default = "*pypi.org" } - -variable "web_app_subnet_address_prefixes" { - type = list(string) - description = "List of address prefixes for the Web App subnet" -} diff --git a/templates/shared_services/sonatype-nexus/terraform/webapp.tf b/templates/shared_services/sonatype-nexus/terraform/webapp.tf index dd647b082b..3e6bb0c25d 100644 --- a/templates/shared_services/sonatype-nexus/terraform/webapp.tf +++ b/templates/shared_services/sonatype-nexus/terraform/webapp.tf @@ -2,11 +2,11 @@ resource "azurerm_app_service" "nexus" { name = "nexus-${var.tre_id}" resource_group_name = local.core_resource_group_name location = var.location - app_service_plan_id = var.core_app_service_plan_id + app_service_plan_id = data.azurerm_app_service_plan.core.id https_only = true app_settings = { - APPINSIGHTS_INSTRUMENTATIONKEY = var.core_application_insights_instrumentation_key + APPINSIGHTS_INSTRUMENTATIONKEY = data.azurerm_application_insights.core.instrumentation_key WEBSITES_PORT = "8081" # nexus web-ui listens here WEBSITES_CONTAINER_START_TIME_LIMIT = "900" # nexus takes a while to start-up WEBSITE_VNET_ROUTE_ALL = 1 
@@ -38,9 +38,9 @@ resource "azurerm_app_service" "nexus" { storage_account { name = "nexus-data" type = "AzureFiles" - account_name = var.storage_account_name + account_name = data.azurerm_storage_account.nexus.name - access_key = var.storage_account_primary_access_key + access_key = data.azurerm_storage_account.nexus.primary_access_key share_name = azurerm_storage_share.nexus.name mount_path = "/nexus-data" } @@ -93,7 +93,7 @@ resource "azurerm_app_service_virtual_network_swift_connection" "nexus-integrate resource "azurerm_monitor_diagnostic_setting" "nexus" { name = "diag-${var.tre_id}" target_resource_id = azurerm_app_service.nexus.id - log_analytics_workspace_id = var.log_analytics_workspace_id + log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id log { category = "AppServiceHTTPLogs" @@ -187,7 +187,7 @@ resource "azurerm_monitor_diagnostic_setting" "nexus" { resource "azurerm_storage_share" "nexus" { name = "nexus-data" - storage_account_name = var.storage_account_name + storage_account_name = data.azurerm_storage_account.nexus.name quota = var.nexus_storage_limit }