Changes to fix dependency issues and app insights TF issues (#3581)
marrobi authored Jul 20, 2023
1 parent 1bb54d4 commit 6ffc341
Showing 8 changed files with 72 additions and 14 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -24,9 +24,11 @@ BUG FIXES:
* Fix airlock_notifier not getting the right smtp password ([#3561](https://github.com/microsoft/AzureTRE/issues/3561))
* Fix issue when deleting failed resources gives no steps ([#3567](https://github.com/microsoft/AzureTRE/issues/3567))
* Fix airlock_notifier not getting the right smtp password ([#3565](https://github.com/microsoft/AzureTRE/issues/3565))
* Fix issues with networking dependencies and AMPLS deployment ([#3433](https://github.com/microsoft/AzureTRE/issues/3433))
* Update CLI install method to fix dependency issue ([#3601](https://github.com/microsoft/AzureTRE/issues/3601))
* Update Databricks UDRs for west europe and switch to DFS private endpoint. ([[#3582](https://github.com/microsoft/AzureTRE/issues/3582))


COMPONENTS:

## 0.11.0 (April 24, 2023)
5 changes: 5 additions & 0 deletions core/terraform/servicebus.tf
Expand Up @@ -66,6 +66,11 @@ resource "azurerm_private_endpoint" "sbpe" {
is_manual_connection = false
subresource_names = ["namespace"]
}

# private endpoints in serial
depends_on = [
azurerm_private_endpoint.filepe
]
}

# Block public access
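Review bot: The added comment `# private endpoints in serial` above `depends_on` in `azurerm_private_endpoint.sbpe` records what the dependency does but not why it is needed, so a later cleanup could remove it as redundant. The same bare comment is used in both hunks of core/terraform/storage.tf, which leaves an implicit chain kvpe → blobpe → filepe → sbpe spread over two files. I would state the order and the reason once, for example `# Serialise private endpoint creation (kvpe -> blobpe -> filepe -> sbpe) to avoid concurrent-operation failures, see #3433`; the reason is inferred from the changelog entry, so the author should confirm it. The resource body starts outside the hunk.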
10 changes: 10 additions & 0 deletions core/terraform/storage.tf
Expand Up @@ -34,6 +34,11 @@ resource "azurerm_private_endpoint" "blobpe" {
is_manual_connection = false
subresource_names = ["Blob"]
}

# private endpoints in serial
depends_on = [
azurerm_private_endpoint.kvpe
]
}

resource "azurerm_private_endpoint" "filepe" {
Expand All @@ -56,4 +61,9 @@ resource "azurerm_private_endpoint" "filepe" {
is_manual_connection = false
subresource_names = ["file"]
}

# private endpoints in serial
depends_on = [
azurerm_private_endpoint.blobpe
]
}
2 changes: 1 addition & 1 deletion core/version.txt
@@ -1 +1 @@
__version__ = "0.8.1"
__version__ = "0.8.2"
6 changes: 3 additions & 3 deletions templates/workspaces/base/porter.yaml
@@ -1,7 +1,7 @@
---
schemaVersion: 1.0.0
name: tre-workspace-base
version: 1.3.0
version: 1.4.4
description: "A base Azure TRE workspace"
dockerfile: Dockerfile.tmpl
registry: azuretre
Expand Down Expand Up @@ -146,9 +146,9 @@ outputs:
mixins:
- exec
- terraform:
clientVersion: 1.4.4
clientVersion: 1.4.6
- az:
clientVersion: 2.37.0
clientVersion: 2.49.0

install:
- terraform:
39 changes: 31 additions & 8 deletions templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf
Expand Up @@ -44,18 +44,41 @@ resource "azurerm_log_analytics_linked_storage_account" "workspace_storage_custo
storage_account_ids = [azurerm_storage_account.app_insights.id]
}

resource "azurerm_monitor_private_link_scope" "workspace" {
name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
resource_group_name = var.resource_group_name
tags = var.tre_workspace_tags
# TODO: Switch to azurerm once the followiung issue is resolved: https://github.com/microsoft/AzureTRE/issues/3625
# resource "azurerm_monitor_private_link_scope" "workspace" {
# name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
# resource_group_name = var.resource_group_name
# tags = var.tre_workspace_tags

# lifecycle { ignore_changes = [tags] }
# }

resource "azapi_resource" "ampls_workspace" {
type = "microsoft.insights/privateLinkScopes@2021-07-01-preview"
name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
parent_id = var.resource_group_id
location = "global"
tags = var.tre_workspace_tags

body = jsonencode({
properties = {
accessModeSettings = {
ingestionAccessMode = "PrivateOnly"
queryAccessMode = "PrivateOnly"
}
}
})

response_export_values = [
"id"
]

lifecycle { ignore_changes = [tags] }
}

resource "azurerm_monitor_private_link_scoped_service" "ampls_log_anaytics" {
name = "ampls-log-anaytics-service"
resource_group_name = var.resource_group_name
scope_name = azurerm_monitor_private_link_scope.workspace.name
scope_name = azapi_resource.ampls_workspace.name
linked_resource_id = azurerm_log_analytics_workspace.workspace.id
}

Expand Down Expand Up @@ -106,7 +129,7 @@ resource "azapi_resource" "appinsights" {
resource "azurerm_monitor_private_link_scoped_service" "ampls_app_insights" {
name = "ampls-app-insights-service"
resource_group_name = var.resource_group_name
scope_name = azurerm_monitor_private_link_scope.workspace.name
scope_name = azapi_resource.ampls_workspace.name

# linked_resource_id = azurerm_application_insights.workspace.id
linked_resource_id = jsondecode(azapi_resource.appinsights.output).id
Expand All @@ -122,7 +145,7 @@ resource "azurerm_private_endpoint" "azure_monitor_private_endpoint" {
lifecycle { ignore_changes = [tags] }

private_service_connection {
private_connection_resource_id = azurerm_monitor_private_link_scope.workspace.id
private_connection_resource_id = jsondecode(azapi_resource.ampls_workspace.output).id
name = "psc-ampls-${var.tre_id}-ws-${local.short_workspace_id}"
subresource_names = ["azuremonitor"]
is_manual_connection = false
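Review bot: The `accessModeSettings` block in `azapi_resource.ampls_workspace` is the security-relevant part of this section and carries no comment, while the TODO above it and the commented-out azurerm block (which has no access-mode settings) invite a later revert that would drop `PrivateOnly` without anyone noticing. I would add a comment on the body such as `# PrivateOnly: ingestion and queries from linked networks may only reach Azure Monitor resources in this scope; keep both settings when moving back to azurerm`, and delete the commented-out resource in favour of the issue link. The type also pins a preview API version (`2021-07-01-preview`), which is worth mentioning in the same TODO. Separately, since the scope keeps its Azure name but changes Terraform resource type, existing workspaces will presumably plan a destroy and a create of the same object with no ordering between them; the upgrade path should be confirmed.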
13 changes: 12 additions & 1 deletion templates/workspaces/base/terraform/network/network.tf
Expand Up @@ -51,6 +51,11 @@ resource "azurerm_virtual_network_peering" "ws_core_peer" {
triggers = {
remote_address_space = join(",", data.azurerm_virtual_network.core.address_space)
}

# meant to resolve AnotherOperation errors with one operation in the vnet at a time
depends_on = [
azurerm_subnet.webapps
]
}

moved {
Expand All @@ -67,6 +72,12 @@ resource "azurerm_virtual_network_peering" "core_ws_peer" {
triggers = {
remote_address_space = join(",", azurerm_virtual_network.ws.address_space)
}

# meant to resolve AnotherOperation errors with one operation in the vnet at a time
depends_on = [
azurerm_virtual_network_peering.ws_core_peer
]

}

moved {
Expand All @@ -79,7 +90,7 @@ resource "azurerm_subnet_route_table_association" "rt_services_subnet_associatio
subnet_id = azurerm_subnet.services.id
depends_on = [
# meant to resolve AnotherOperation errors with one operation in the vnet at a time
azurerm_subnet.webapps
azurerm_virtual_network_peering.core_ws_peer
]
}

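Review bot: With the new chain the route table association for the services subnet is created only after both peerings (`ws_core_peer`, then `core_ws_peer`), whereas before it waited only for `azurerm_subnet.webapps`. If that route table is what forces workspace egress through the core firewall (its routes are not visible here), the workspace VNet is briefly peered to core before the services subnet has its routes attached; placing the association ahead of the peerings in the chain could keep the serialisation and close that window. Consider also stating the full intended order once in a comment, e.g. `# order: subnets -> route table association -> ws_core_peer -> core_ws_peer`, and dropping the blank line left before the closing brace of `core_ws_peer`. All three resource bodies start outside their hunks.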
9 changes: 8 additions & 1 deletion templates/workspaces/base/terraform/storage.tf
Expand Up @@ -25,6 +25,11 @@ resource "azurerm_storage_container" "stgcontainer" {
name = "datalake"
storage_account_name = azurerm_storage_account.stg.name
container_access_type = "private"

depends_on = [
azurerm_private_endpoint.stgblobpe,
azurerm_storage_account_network_rules.stgrules
]
}

resource "azurerm_storage_account_network_rules" "stgrules" {
Expand All @@ -43,7 +48,7 @@ resource "azurerm_private_endpoint" "stgfilepe" {
tags = local.tre_workspace_tags

depends_on = [
module.network,
module.network
]

lifecycle { ignore_changes = [tags] }
Expand All @@ -70,6 +75,7 @@ resource "azurerm_private_endpoint" "stgblobpe" {

depends_on = [
module.network,
azurerm_private_endpoint.stgfilepe
]

lifecycle { ignore_changes = [tags] }
Expand All @@ -96,6 +102,7 @@ resource "azurerm_private_endpoint" "stgdfspe" {

depends_on = [
module.network,
azurerm_private_endpoint.stgblobpe
]

lifecycle { ignore_changes = [tags] }
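Review bot: The new `depends_on` in `azurerm_storage_container.stgcontainer` has no comment, unlike the other ordering dependencies added in this commit, and its reason is the least obvious of them. Creating the container is presumably a data-plane call against the storage account, so it has to wait until `stgrules` is applied and the blob private endpoint exists, otherwise it races the network lock-down; a comment like `# data-plane call: wait for network rules and the blob private endpoint so creation uses the private path` would record that. The `stgfilepe` → `stgblobpe` → `stgdfspe` chain added further down would benefit from the one-line explanation used in core (`# private endpoints in serial`). The private endpoint bodies continue outside their hunks.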
