Apply missing lifecycle blocks. (#3670)

microsoft · Aug 14, 2023 · 2c872cf · 2c872cf
1 parent c3f144f
commit 2c872cf
Show file tree

Hide file tree

Showing 62 changed files with 188 additions and 25 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,12 +1,15 @@
 <!-- markdownlint-disable MD041 -->
 ## 0.14.0 (Unreleased)
+
 FEATURES:
 
 ENHANCEMENTS:
 
 BUG FIXES:
+* Apply missing lifecycle blocks. ([#3670](https://github.com/microsoft/AzureTRE/issues/3670))
 * Outputs of type boolean are stored as strings ([#3655](https://github.com/microsoft/AzureTRE/pulls/3655))
 
+
 ## 0.13.0 (August 9, 2023)
 
 BUG FIXES:

diff --git a/core/terraform/azure-monitor/query.tf b/core/terraform/azure-monitor/query.tf
@@ -3,6 +3,8 @@ resource "azurerm_log_analytics_query_pack" "tre" {
   resource_group_name = var.resource_group_name
   location            = var.location
   tags                = var.tre_core_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_log_analytics_query_pack_query" "rp_logs" {

diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf
@@ -99,4 +99,6 @@ resource "azurerm_key_vault_secret" "cosmos_mongo_connstr" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/core/terraform/keyvault.tf b/core/terraform/keyvault.tf
@@ -70,6 +70,8 @@ resource "azurerm_key_vault_secret" "api_client_id" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "api_client_secret" {
@@ -80,6 +82,8 @@ resource "azurerm_key_vault_secret" "api_client_secret" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "auth_tenant_id" {
@@ -90,6 +94,8 @@ resource "azurerm_key_vault_secret" "auth_tenant_id" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "application_admin_client_id" {
@@ -100,6 +106,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_id" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "application_admin_client_secret" {
@@ -110,6 +118,8 @@ resource "azurerm_key_vault_secret" "application_admin_client_secret" {
   depends_on = [
     azurerm_key_vault_access_policy.deployer
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_monitor_diagnostic_setting" "kv" {

diff --git a/core/terraform/network/network_security_groups.tf b/core/terraform/network/network_security_groups.tf
@@ -101,6 +101,8 @@ resource "azurerm_network_security_group" "bastion" {
     source_address_prefix      = "*"
     destination_address_prefix = "Internet"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_subnet_network_security_group_association" "bastion" {
@@ -141,6 +143,8 @@ resource "azurerm_network_security_group" "app_gw" {
     source_address_prefix      = "Internet"
     destination_address_prefix = "*"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_subnet_network_security_group_association" "app_gw" {
@@ -156,6 +160,8 @@ resource "azurerm_network_security_group" "default_rules" {
   location            = var.location
   resource_group_name = var.resource_group_name
   tags                = local.tre_core_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_subnet_network_security_group_association" "shared" {

diff --git a/core/terraform/notebooks.tf b/core/terraform/notebooks.tf
@@ -12,4 +12,6 @@ resource "azurerm_application_insights_workbook" "firewall" {
   display_name        = "Azure Firewall Workbook ${var.tre_id}"
   data_json           = data.http.firewall_workbook_json.response_body
   tags                = local.tre_core_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/core/terraform/resource_processor/vmss_porter/main.tf b/core/terraform/resource_processor/vmss_porter/main.tf
@@ -38,6 +38,8 @@ resource "azurerm_key_vault_secret" "resource_processor_vmss_password" {
   value        = random_password.password.result
   key_vault_id = var.key_vault_id
   tags         = local.tre_core_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_user_assigned_identity" "vmss_msi" {

diff --git a/core/version.txt b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.8.5"
+__version__ = "0.8.6"
diff --git a/templates/shared_services/admin-vm/porter.yaml b/templates/shared_services/admin-vm/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-admin-vm
-version: 0.4.0
+version: 0.4.3
 description: "An admin vm shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

diff --git a/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf b/templates/shared_services/admin-vm/terraform/admin-jumpbox.tf
@@ -9,6 +9,8 @@ resource "azurerm_network_interface" "jumpbox_nic" {
     subnet_id                     = data.azurerm_subnet.shared.id
     private_ip_address_allocation = "Dynamic"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "random_password" "password" {
@@ -47,13 +49,17 @@ resource "azurerm_windows_virtual_machine" "jumpbox" {
     caching              = "ReadWrite"
     storage_account_type = "Standard_LRS"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "jumpbox_credentials" {
   name         = "${azurerm_windows_virtual_machine.jumpbox.name}-jumpbox-password"
   value        = random_password.password.result
   key_vault_id = data.azurerm_key_vault.keyvault.id
   tags         = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_virtual_machine_extension" "antimalware" {
@@ -68,4 +74,6 @@ resource "azurerm_virtual_machine_extension" "antimalware" {
   settings = jsonencode({
     "AntimalwareEnabled" = true
   })
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/templates/shared_services/cyclecloud/porter.yaml b/templates/shared_services/cyclecloud/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-cyclecloud
-version: 0.5.2
+version: 0.5.4
 description: "An Azure TRE Shared Service Template for Azure Cyclecloud"
 registry: azuretre
 dockerfile: Dockerfile.tmpl

diff --git a/templates/shared_services/cyclecloud/terraform/cyclecloud.tf b/templates/shared_services/cyclecloud/terraform/cyclecloud.tf
@@ -79,6 +79,8 @@ resource "azurerm_key_vault_secret" "cyclecloud_password" {
   value        = "${random_string.username.result}\n${random_password.password.result}"
   key_vault_id = data.azurerm_key_vault.core.id
   tags         = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 data "azurerm_subscription" "primary" {
@@ -102,6 +104,8 @@ resource "azurerm_network_interface" "cyclecloud" {
     subnet_id                     = data.azurerm_subnet.shared.id
     private_ip_address_allocation = "Dynamic"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_private_dns_zone" "cyclecloud" {
@@ -118,6 +122,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "cyclecloud_core_vnet"
   private_dns_zone_name = azurerm_private_dns_zone.cyclecloud.name
   virtual_network_id    = data.azurerm_virtual_network.core.id
   tags                  = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_private_dns_a_record" "cyclecloud_vm" {
@@ -127,5 +133,7 @@ resource "azurerm_private_dns_a_record" "cyclecloud_vm" {
   ttl                 = 300
   records             = [azurerm_network_interface.cyclecloud.private_ip_address]
   tags                = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
diff --git a/templates/shared_services/cyclecloud/terraform/storage.tf b/templates/shared_services/cyclecloud/terraform/storage.tf
@@ -5,6 +5,8 @@ resource "azurerm_storage_account" "cyclecloud" {
   account_tier             = "Standard"
   account_replication_type = "GRS"
   tags                     = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 data "azurerm_private_dns_zone" "blobcore" {

diff --git a/templates/shared_services/databricks-auth/porter.yaml b/templates/shared_services/databricks-auth/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-databricks-private-auth
-version: 0.1.3
+version: 0.1.5
 description: "An Azure TRE shared service for Azure Databricks authentication."
 registry: azuretre
 dockerfile: Dockerfile.tmpl

diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-firewall
-version: 1.1.1
+version: 1.1.3
 description: "An Azure TRE Firewall shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-gitea
-version: 0.6.3
+version: 0.6.5
 description: "A Gitea shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf
@@ -168,6 +168,8 @@ resource "azurerm_key_vault_secret" "gitea_password" {
   depends_on = [
     azurerm_key_vault_access_policy.gitea_policy
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_storage_share" "gitea" {

diff --git a/templates/shared_services/gitea/terraform/mysql.tf b/templates/shared_services/gitea/terraform/mysql.tf
@@ -71,4 +71,6 @@ resource "azurerm_key_vault_secret" "db_password" {
   depends_on = [
     azurerm_key_vault_access_policy.gitea_policy
   ]
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/templates/shared_services/sonatype-nexus-vm/porter.yaml b/templates/shared_services/sonatype-nexus-vm/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-sonatype-nexus
-version: 2.5.3
+version: 2.5.6
 description: "A Sonatype Nexus shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

diff --git a/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf b/templates/shared_services/sonatype-nexus-vm/terraform/vm.tf
@@ -9,6 +9,8 @@ resource "azurerm_network_interface" "nexus" {
     subnet_id                     = data.azurerm_subnet.shared.id
     private_ip_address_allocation = "Dynamic"
   }
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" {
@@ -17,6 +19,8 @@ resource "azurerm_private_dns_zone_virtual_network_link" "nexus_core_vnet" {
   private_dns_zone_name = data.azurerm_private_dns_zone.nexus.name
   virtual_network_id    = data.azurerm_virtual_network.core.id
   tags                  = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_private_dns_a_record" "nexus_vm" {
@@ -26,6 +30,8 @@ resource "azurerm_private_dns_a_record" "nexus_vm" {
   ttl                 = 300
   records             = [azurerm_linux_virtual_machine.nexus.private_ip_address]
   tags                = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "random_password" "nexus_vm_password" {
@@ -59,13 +65,17 @@ resource "azurerm_key_vault_secret" "nexus_vm_password" {
   value        = random_password.nexus_vm_password.result
   key_vault_id = data.azurerm_key_vault.kv.id
   tags         = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_key_vault_secret" "nexus_admin_password" {
   name         = "nexus-admin-password"
   value        = random_password.nexus_admin_password.result
   key_vault_id = data.azurerm_key_vault.kv.id
   tags         = local.tre_shared_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_user_assigned_identity" "nexus_msi" {
@@ -222,4 +232,6 @@ resource "azurerm_virtual_machine_extension" "keyvault" {
       "msiClientId" : azurerm_user_assigned_identity.nexus_msi.client_id
     }
   })
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-service-azureml
-version: 0.8.8
+version: 0.8.10
 description: "An Azure TRE service for Azure Machine Learning"
 registry: azuretre
 dockerfile: Dockerfile.tmpl

diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf
@@ -16,6 +16,8 @@ resource "azurerm_key_vault_secret" "aml_password" {
   value        = random_password.password.result
   key_vault_id = data.azurerm_key_vault.ws.id
   tags         = local.tre_workspace_service_tags
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 

diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf
@@ -56,6 +56,8 @@ resource "azapi_resource" "aml_service_endpoint_policy" {
       ]
     }
   })
+
+  lifecycle { ignore_changes = [tags] }
 }
 
 resource "azurerm_subnet" "aml" {

diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf
@@ -9,7 +9,7 @@ resource "azurerm_storage_account" "aml" {
     default_action = "Deny"
   }
 
-
+  lifecycle { ignore_changes = [tags] }
 }
 
 data "azurerm_private_dns_zone" "blobcore" {

diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-user-resource-aml-compute-instance
-version: 0.5.5
+version: 0.5.7
 description: "Azure Machine Learning Compute Instance"
 registry: azuretre
 dockerfile: Dockerfile.tmpl

diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf
@@ -26,4 +26,6 @@ resource "azapi_resource" "compute_instance" {
       }
     }
   })
+
+  lifecycle { ignore_changes = [tags] }
 }
diff --git a/templates/workspace_services/databricks/porter.yaml b/templates/workspace_services/databricks/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-service-databricks
-version: 1.0.1
+version: 1.0.3
 description: "An Azure TRE service for Azure Databricks."
 registry: azuretre
 dockerfile: Dockerfile.tmpl

diff --git a/templates/workspace_services/gitea/porter.yaml b/templates/workspace_services/gitea/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-workspace-service-gitea
-version: 0.8.3
+version: 0.8.5
 description: "A Gitea workspace service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
-Original file line number
+Diff line change
@@ Expand Up / @@ -56,6 +56,8 @@ resource "azapi_resource" "aml_service_endpoint_policy" { @@
           ]
         }
       })
+      lifecycle { ignore_changes = [tags] }
     }
     resource "azurerm_subnet" "aml" {
@@ Expand Down @@