[cost] Tagging Base workspace #1970

Merged
18 commits
607f5d5
Tagging Base workspace
pedro-pelegrin-nttdata Jun 3, 2022
c83ec64
Fixed tre_workspace_id
pedro-pelegrin-nttdata Jun 3, 2022
95e1e4b
Formatting Terraform files
pedro-pelegrin-nttdata Jun 6, 2022
e1d4834
[cost] Tagging base workspace fix
pedro-pelegrin-nttdata Jun 7, 2022
ab8996d
Removed unused variable in workspace
pedro-pelegrin-nttdata Jun 8, 2022
d98c508
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 8, 2022
0e4bf64
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 9, 2022
03b8810
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 9, 2022
cb02006
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 9, 2022
50c79ea
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
pedro-pelegrin-nttdata Jun 15, 2022
17f52c9
Lint (pull_request)
pedro-pelegrin-nttdata Jun 15, 2022
224c1ed
Merge branch 'pedro-pelegrin-nttdata/3917_Tag_Base_workspace' of http…
pedro-pelegrin-nttdata Jun 15, 2022
5f93ef6
terraform files format
pedro-pelegrin-nttdata Jun 15, 2022
140b738
Terraform validation change
pedro-pelegrin-nttdata Jun 15, 2022
28ca699
Copied file from main repo
pedro-pelegrin-nttdata Jun 16, 2022
82f15f9
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 16, 2022
b77766c
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 17, 2022
0bde637
Merge branch 'main' into pedro-pelegrin-nttdata/3917_Tag_Base_workspace
tamirkamara Jun 17, 2022
2 changes: 2 additions & 0 deletions templates/workspaces/base/terraform/aad/aad.tf
Expand Up @@ -95,12 +95,14 @@ resource "azurerm_key_vault_secret" "client_id" {
name = "workspace-client-id"
value = azuread_application.workspace.application_id
key_vault_id = var.key_vault_id
tags = var.tre_workspace_tags
}

resource "azurerm_key_vault_secret" "client_secret" {
name = "workspace-client-secret"
value = azuread_service_principal_password.workspace.value
key_vault_id = var.key_vault_id
tags = var.tre_workspace_tags
}

resource "azuread_app_role_assignment" "workspace_owner" {
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/aad/variables.tf
@@ -1,3 +1,4 @@
variable "key_vault_id" {}
variable "workspace_resource_name_suffix" {}
variable "workspace_owner_object_id" {}
variable "tre_workspace_tags" {}
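Review bot: `variable "tre_workspace_tags" {}` is declared without a type, so nothing in the module states or enforces that callers pass a map of strings, even though the value is fed straight into `tags` and `merge()`. Declaring it as `variable "tre_workspace_tags" { type = map(string) }` makes Terraform reject a wrong input at the module call rather than at each resource's `tags` argument, and documents what the module expects. The same untyped declaration is added in airlock/variables.tf and network/variables.tf. The neighbouring variables in this file are untyped as well, so this is a suggestion rather than a regression.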
27 changes: 18 additions & 9 deletions templates/workspaces/base/terraform/airlock/eventgrid_topics.tf
Expand Up @@ -6,9 +6,12 @@ resource "azurerm_eventgrid_system_topic" "import_approved_blob_created" {
source_arm_resource_id = azurerm_storage_account.sa_import_approved.id
topic_type = "Microsoft.Storage.StorageAccounts"

tags = {
Publishers = "airlock;approved-import-sa"
}
tags = merge(
var.tre_workspace_tags,
{
Publishers = "airlock;approved-import-sa"
}
)

depends_on = [
azurerm_storage_account.sa_import_approved
Expand All @@ -24,9 +27,12 @@ resource "azurerm_eventgrid_system_topic" "export_inprogress_blob_created" {
source_arm_resource_id = azurerm_storage_account.sa_export_inprogress.id
topic_type = "Microsoft.Storage.StorageAccounts"

tags = {
Publishers = "airlock;inprogress-export-sa"
}
tags = merge(
var.tre_workspace_tags,
{
Publishers = "airlock;inprogress-export-sa"
}
)

depends_on = [
azurerm_storage_account.sa_export_inprogress
Expand All @@ -43,9 +49,12 @@ resource "azurerm_eventgrid_system_topic" "export_rejected_blob_created" {
source_arm_resource_id = azurerm_storage_account.sa_export_rejected.id
topic_type = "Microsoft.Storage.StorageAccounts"

tags = {
Publishers = "airlock;rejected-export-sa"
}
tags = merge(
var.tre_workspace_tags,
{
Publishers = "airlock;rejected-export-sa"
}
)

depends_on = [
azurerm_storage_account.sa_export_rejected
36 changes: 24 additions & 12 deletions templates/workspaces/base/terraform/airlock/storage_accounts.tf
Expand Up @@ -16,9 +16,12 @@ resource "azurerm_storage_account" "sa_import_approved" {
bypass = ["AzureServices"]
}

tags = {
description = "airlock;import;approved"
}
tags = merge(
var.tre_workspace_tags,
{
description = "airlock;import;approved"
}
)

lifecycle { ignore_changes = [tags] }
}
Expand Down Expand Up @@ -68,9 +71,12 @@ resource "azurerm_storage_account" "sa_export_internal" {
bypass = ["AzureServices"]
}

tags = {
description = "airlock;export;internal"
}
tags = merge(
var.tre_workspace_tags,
{
description = "airlock;export;internal"
}
)

lifecycle { ignore_changes = [tags] }
}
Expand Down Expand Up @@ -115,9 +121,12 @@ resource "azurerm_storage_account" "sa_export_inprogress" {
bypass = ["AzureServices"]
}

tags = {
description = "airlock;export;inprogress"
}
tags = merge(
var.tre_workspace_tags,
{
description = "airlock;export;inprogress"
}
)

lifecycle { ignore_changes = [tags] }
}
Expand Down Expand Up @@ -162,9 +171,12 @@ resource "azurerm_storage_account" "sa_export_rejected" {
bypass = ["AzureServices"]
}

tags = {
description = "airlock;export;rejected"
}
tags = merge(
var.tre_workspace_tags,
{
description = "airlock;export;rejected"
}
)

lifecycle { ignore_changes = [tags] }
}
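Review bot: Each storage account in this file keeps `lifecycle { ignore_changes = [tags] }`, so the merged `tre_workspace_tags` are only written when the resource is first created; for a workspace that already exists Terraform will plan no tag update and these resources stay untagged. If existing workspaces are meant to appear in cost reporting, either narrow the ignore list on these resources or tag them out of band during upgrade, and record the behaviour in a comment such as `# tags are set at creation only; ignore_changes = [tags] suppresses later updates`. The same pattern is visible in network/network.tf, network/security.tf, network/zone_links.tf, storage.tf (`azurerm_storage_account.stg`) and workspace.tf (`azurerm_resource_group.ws`). Why tags are ignored is not shown on this page, so the right fix depends on what else writes tags to these resources.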
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/airlock/variables.tf
Expand Up @@ -4,3 +4,4 @@ variable "ws_resource_group_name" {}
variable "enable_local_debugging" {}
variable "services_subnet_id" {}
variable "short_workspace_id" {}
variable "tre_workspace_tags" {}
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/appserviceplan.tf
Expand Up @@ -6,4 +6,5 @@ resource "azurerm_service_plan" "workspace" {
resource_group_name = azurerm_resource_group.ws.name
os_type = "Linux"
sku_name = var.app_service_plan_sku
tags = local.tre_workspace_tags
}
6 changes: 6 additions & 0 deletions templates/workspaces/base/terraform/keyvault.tf
Expand Up @@ -5,6 +5,7 @@ resource "azurerm_key_vault" "kv" {
sku_name = "standard"
purge_protection_enabled = true
tenant_id = data.azurerm_client_config.current.tenant_id
tags = local.tre_workspace_tags

network_acls {
bypass = "AzureServices"
Expand All @@ -19,6 +20,7 @@ resource "azurerm_private_endpoint" "kvpe" {
location = azurerm_resource_group.ws.location
resource_group_name = azurerm_resource_group.ws.name
subnet_id = module.network.services_subnet_id
tags = local.tre_workspace_tags

depends_on = [
module.network,
Expand Down Expand Up @@ -73,12 +75,14 @@ resource "null_resource" "wait_for_dns_vault" {
}

depends_on = [azurerm_private_endpoint.kvpe]

}

resource "azurerm_key_vault_secret" "aad_tenant_id" {
name = "auth-tenant-id"
value = var.auth_tenant_id
key_vault_id = azurerm_key_vault.kv.id
tags = local.tre_workspace_tags
depends_on = [
azurerm_key_vault_access_policy.deployer,
azurerm_key_vault_access_policy.resource_processor,
Expand All @@ -93,6 +97,7 @@ resource "azurerm_key_vault_secret" "client_id" {
value = var.client_id
key_vault_id = azurerm_key_vault.kv.id
count = var.register_aad_application ? 0 : 1
tags = local.tre_workspace_tags
depends_on = [
azurerm_key_vault_access_policy.deployer,
azurerm_key_vault_access_policy.resource_processor,
Expand All @@ -107,6 +112,7 @@ resource "azurerm_key_vault_secret" "client_secret" {
value = var.client_secret
key_vault_id = azurerm_key_vault.kv.id
count = var.register_aad_application ? 0 : 1
tags = local.tre_workspace_tags
depends_on = [
azurerm_key_vault_access_policy.deployer,
azurerm_key_vault_access_policy.resource_processor,
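--- /dev/null
+++ b/templates/workspaces/base/terraform/locals.tf
@@ -0,0 +1,15 @@
+locals {
+core_vnet = "vnet-${var.tre_id}"
+short_workspace_id = substr(var.tre_resource_id, -4, -1)
+core_resource_group_name = "rg-${var.tre_id}"
+workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
+storage_name = lower(replace("stg${substr(local.workspace_resource_name_suffix, -8, -1)}", "-", ""))
+keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}")
+vnet_subnets = cidrsubnets(var.address_space, 1, 1)
+services_subnet_address_prefix = local.vnet_subnets[0]
+webapps_subnet_address_prefix = local.vnet_subnets[1]
+tre_workspace_tags = {
+tre_id = var.tre_id
+tre_workspace_id = var.tre_resource_id
+}
+}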
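Review bot: `tre_workspace_tags` carries no comment, and its key `tre_workspace_id` is filled from `var.tre_resource_id`, a naming mismatch a reader has to work out for themselves. A one-line comment above the map would cover both, e.g. `# Shared tags for every workspace resource (cost attribution); tre_workspace_id is taken from var.tre_resource_id`. The purpose is inferred from the PR title, so adjust the wording if the tags serve other uses.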
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/network/network.tf
Expand Up @@ -3,6 +3,7 @@ resource "azurerm_virtual_network" "ws" {
location = var.location
resource_group_name = var.ws_resource_group_name
address_space = [var.address_space]
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/network/security.tf
Expand Up @@ -2,6 +2,7 @@ resource "azurerm_network_security_group" "ws" {
location = var.location
name = "nsg-ws"
resource_group_name = var.ws_resource_group_name
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
1 change: 1 addition & 0 deletions templates/workspaces/base/terraform/network/variables.tf
Expand Up @@ -2,4 +2,5 @@ variable "location" {}
variable "tre_id" {}
variable "address_space" {}
variable "ws_resource_group_name" {}
variable "tre_workspace_tags" {}
variable "tre_resource_id" {}
11 changes: 11 additions & 0 deletions templates/workspaces/base/terraform/network/zone_links.tf
Expand Up @@ -4,6 +4,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azurewebsites" {
private_dns_zone_name = data.azurerm_private_dns_zone.azurewebsites.name
virtual_network_id = azurerm_virtual_network.ws.id
registration_enabled = false
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -13,6 +14,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "filecorelink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.filecore.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -22,6 +24,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "blobcorelink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.blobcore.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -31,6 +34,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vaultcorelink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.vaultcore.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -40,6 +44,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azurecrlink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.azurecr.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -49,6 +54,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azuremllink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.azureml.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -58,6 +64,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "azuremlcertlink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.azuremlcert.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -67,6 +74,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "notebookslink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.notebooks.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -76,6 +84,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "mysqllink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.mysql.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -85,6 +94,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "postgreslink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.postgres.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -94,6 +104,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "nexuslink" {
resource_group_name = local.core_resource_group_name
private_dns_zone_name = data.azurerm_private_dns_zone.nexus.name
virtual_network_id = azurerm_virtual_network.ws.id
tags = var.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
3 changes: 3 additions & 0 deletions templates/workspaces/base/terraform/storage.tf
Expand Up @@ -4,6 +4,7 @@ resource "azurerm_storage_account" "stg" {
location = azurerm_resource_group.ws.location
account_tier = "Standard"
account_replication_type = "GRS"
tags = local.tre_workspace_tags

lifecycle { ignore_changes = [tags] }
}
Expand Down Expand Up @@ -32,6 +33,7 @@ resource "azurerm_private_endpoint" "stgfilepe" {
location = azurerm_resource_group.ws.location
resource_group_name = azurerm_resource_group.ws.name
subnet_id = module.network.services_subnet_id
tags = local.tre_workspace_tags

depends_on = [
module.network,
Expand All @@ -57,6 +59,7 @@ resource "azurerm_private_endpoint" "stgblobpe" {
location = azurerm_resource_group.ws.location
resource_group_name = azurerm_resource_group.ws.name
subnet_id = module.network.services_subnet_id
tags = local.tre_workspace_tags

depends_on = [
module.network,
11 changes: 0 additions & 11 deletions templates/workspaces/base/terraform/variables.tf
Expand Up @@ -100,14 +100,3 @@ variable "workspace_owner_object_id" {
}


locals {
core_vnet = "vnet-${var.tre_id}"
short_workspace_id = substr(var.tre_resource_id, -4, -1)
core_resource_group_name = "rg-${var.tre_id}"
workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}"
storage_name = lower(replace("stg${substr(local.workspace_resource_name_suffix, -8, -1)}", "-", ""))
keyvault_name = lower("kv-${substr(local.workspace_resource_name_suffix, -20, -1)}")
vnet_subnets = cidrsubnets(var.address_space, 1, 1)
services_subnet_address_prefix = local.vnet_subnets[0]
webapps_subnet_address_prefix = local.vnet_subnets[1]
}
15 changes: 10 additions & 5 deletions templates/workspaces/base/terraform/workspace.tf
@@ -1,11 +1,13 @@
resource "azurerm_resource_group" "ws" {
location = var.location
name = "rg-${local.workspace_resource_name_suffix}"
tags = {
project = "Azure Trusted Research Environment"
tre_id = var.tre_id
source = "https://github.com/microsoft/AzureTRE/"
}
tags = merge(
local.tre_workspace_tags,
{
project = "Azure Trusted Research Environment",
source = "https://github.com/microsoft/AzureTRE/"
},
)

lifecycle { ignore_changes = [tags] }
}
Expand All @@ -21,10 +23,12 @@ module "network" {
address_space = var.address_space
ws_resource_group_name = azurerm_resource_group.ws.name
tre_resource_id = var.tre_resource_id
tre_workspace_tags = local.tre_workspace_tags
}

module "aad" {
source = "./aad"
tre_workspace_tags = local.tre_workspace_tags
count = var.register_aad_application ? 1 : 0
key_vault_id = azurerm_key_vault.kv.id
workspace_resource_name_suffix = local.workspace_resource_name_suffix
Expand All @@ -40,6 +44,7 @@ module "airlock" {
source = "./airlock"
location = var.location
tre_id = var.tre_id
tre_workspace_tags = local.tre_workspace_tags
ws_resource_group_name = azurerm_resource_group.ws.name
enable_local_debugging = var.enable_local_debugging
services_subnet_id = module.network.services_subnet_id