Serverless CosmosDB for new deployments (#3029)

* new state store/cosmos to serverless * remove data objects * changelog * lint
microsoft · Jan 1, 2023 · c245a08 · c245a08
1 parent 207ae82
commit c245a08
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 27 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ ENHANCEMENTS:
 * Add the ability for workspace services to request addional address spaces from a workspace ([#2902](https://github.com/microsoft/AzureTRE/pull/2902))
 * Airlock processor function and api app service work with http2
 * Added the option to disable Swagger ([#2981](https://github.com/microsoft/AzureTRE/pull/2981))
+* Serverless CosmosDB for new deployments to reduce cost ([#3029](https://github.com/microsoft/AzureTRE/pull/3029))
 
 
 BUG FIXES:

diff --git a/core/terraform/deploy.sh b/core/terraform/deploy.sh
@@ -7,7 +7,8 @@ set -o nounset
 
 # This is where we can migrate any Terraform before we plan and apply
 # For instance deprecated Terraform resources
-./migrate.sh
+# shellcheck disable=SC1091
+source ./migrate.sh
 
 PLAN_FILE="tfplan$$"
 TS=$(date +"%s")

diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh
@@ -158,4 +158,15 @@ if [ -n "${api_vnet_integration}" ]; then
     terraform apply -input=false -auto-approve ${PLAN_FILE}"
 fi
 
+# this isn't a classic migration, but impacts how terraform handles the deployment in the next phase
+state_store_serverless=$(echo "${terraform_show_json}" \
+  | jq 'select(.values.root_module.resources != null) | .values.root_module.resources[] | select(.address=="azurerm_cosmosdb_account.tre_db_account") | any(.values.capabilities[]; .name=="EnableServerless")')
+# false = resource EXITS in the state WITHOUT the serverless capability.
+# true = exists with the capability, empty value = resource doesn't exist.
+if [ "${state_store_serverless}" == "false" ]; then
+  echo "Identified CosmosDB with defined throughput."
+  TF_VAR_is_cosmos_defined_throughput="true"
+  export TF_VAR_is_cosmos_defined_throughput
+fi
+
 echo "*** Migration is done. ***"
diff --git a/core/terraform/network/outputs.tf b/core/terraform/network/outputs.tf
@@ -40,10 +40,6 @@ output "resource_processor_subnet_id" {
 
 # DNS Zones
 
-output "private_dns_zone_mysql_id" {
-  value = azurerm_private_dns_zone.mysql.id
-}
-
 output "azure_monitor_dns_zone_id" {
   value = azurerm_private_dns_zone.azure_monitor.id
 }

diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf
@@ -8,6 +8,14 @@ resource "azurerm_cosmosdb_account" "tre_db_account" {
   ip_range_filter           = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}"
   tags                      = local.tre_core_tags
 
+  dynamic "capabilities" {
+    # We can't change an existing cosmos
+    for_each = var.is_cosmos_defined_throughput ? [] : [1]
+    content {
+      name = "EnableServerless"
+    }
+  }
+
   consistency_policy {
     consistency_level       = "BoundedStaleness"
     max_interval_in_seconds = 10
@@ -31,7 +39,6 @@ resource "azurerm_cosmosdb_sql_database" "tre_db" {
   name                = "AzureTRE"
   resource_group_name = azurerm_resource_group.core.name
   account_name        = azurerm_cosmosdb_account.tre_db_account.name
-  throughput          = 400
 }
 
 moved {

diff --git a/core/terraform/storage.tf b/core/terraform/storage.tf
@@ -15,15 +15,6 @@ resource "azurerm_storage_share" "storage_state_path" {
   quota                = 50
 }
 
-data "azurerm_private_dns_zone" "blobcore" {
-  name                = "privatelink.blob.core.windows.net"
-  resource_group_name = azurerm_resource_group.core.name
-
-  depends_on = [
-    module.network,
-  ]
-}
-
 resource "azurerm_private_endpoint" "blobpe" {
   name                = "pe-blob-${var.tre_id}"
   location            = azurerm_resource_group.core.location
@@ -34,7 +25,7 @@ resource "azurerm_private_endpoint" "blobpe" {
 
   private_dns_zone_group {
     name                 = "private-dns-zone-group-blobcore"
-    private_dns_zone_ids = [data.azurerm_private_dns_zone.blobcore.id]
+    private_dns_zone_ids = [module.network.blob_core_dns_zone_id]
   }
 
   private_service_connection {
@@ -45,15 +36,6 @@ resource "azurerm_private_endpoint" "blobpe" {
   }
 }
 
-data "azurerm_private_dns_zone" "filecore" {
-  name                = "privatelink.file.core.windows.net"
-  resource_group_name = azurerm_resource_group.core.name
-
-  depends_on = [
-    module.network,
-  ]
-}
-
 resource "azurerm_private_endpoint" "filepe" {
   name                = "pe-file-${var.tre_id}"
   location            = azurerm_resource_group.core.location
@@ -65,7 +47,7 @@ resource "azurerm_private_endpoint" "filepe" {
 
   private_dns_zone_group {
     name                 = "private-dns-zone-group-filecore"
-    private_dns_zone_ids = [data.azurerm_private_dns_zone.filecore.id]
+    private_dns_zone_ids = [module.network.file_core_dns_zone_id]
   }
 
   private_service_connection {

diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf
@@ -165,3 +165,8 @@ variable "rp_bundle_values" {
   type        = map(string)
   default     = {}
 }
+
+variable "is_cosmos_defined_throughput" {
+  type    = bool
+  default = false
+}
diff --git a/core/version.txt b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.5.1"
+__version__ = "0.5.2"