From ed1454919a9821670a26876be20e7ca5df6bf17a Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Sun, 28 Aug 2022 11:57:04 +0000
Subject: [PATCH 1/3] Gitea shared service supports app-service S* SKUs
---
templates/shared_services/gitea/porter.yaml | 2 +-
.../gitea/terraform/.terraform.lock.hcl | 58 +++++++++---------
.../shared_services/gitea/terraform/data.tf | 9 ++-
.../gitea/terraform/gitea-webapp.tf | 60 +++++++------------
.../shared_services/gitea/terraform/locals.tf | 4 ++
.../shared_services/gitea/terraform/main.tf | 4 +-
.../shared_services/gitea/terraform/mysql.tf | 2 +-
.../gitea/terraform/outputs.tf | 2 +-
8 files changed, 68 insertions(+), 73 deletions(-)
diff --git a/templates/shared_services/gitea/porter.yaml b/templates/shared_services/gitea/porter.yaml
index f25cf7972c..b5a59bee42 100644
--- a/templates/shared_services/gitea/porter.yaml
+++ b/templates/shared_services/gitea/porter.yaml
@@ -1,6 +1,6 @@
 ---
 name: tre-shared-service-gitea
-version: 0.3.11
+version: 0.3.12
 description: "A Gitea shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre
diff --git a/templates/shared_services/gitea/terraform/.terraform.lock.hcl b/templates/shared_services/gitea/terraform/.terraform.lock.hcl
index 312b2e6f7e..618020bfd7 100644
--- a/templates/shared_services/gitea/terraform/.terraform.lock.hcl
+++ b/templates/shared_services/gitea/terraform/.terraform.lock.hcl
@@ -2,27 +2,28 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.16.0" - constraints = "3.16.0" + version = "3.20.0" + constraints = "3.20.0" hashes = [ - "h1:cBZXnJ4WErrhAzoQ1IMUMkpRlUmr8KQ2a0vLKH6B2a8=", - "zh:02aecc67db3f7cf19bd39ed454824422c43a5dc9f18b44d9547bb79ba66e0beb", - "zh:1775b033e3a29395087d731387efc926251232c4469a6c262f7039669e2f3aed", - "zh:1b955c3134b8fa61486383fee609bc99e46883c9b5148cb8d3bdc3d6d25b1e5e", - "zh:1ca04c35917fcf9f15aa2f24ef52b823575efa213fcb6d241cd189fddb032268", - "zh:20663ca219acc95d1de2129aac941f08eca1093c61cd6775e9c0b239b70a573e", - "zh:28427df342789f106ce500a489c750d7971d67cb58c495274878dc55d52452fe", - "zh:2a2e0755b9ebedbb4dd55de53191ce02e0a5511648610bf816532cd1614f2d7a", - "zh:5cc4c086ff081379070ea8177025a92a53e3c7bec2eabbf8182efa146e05b371", - "zh:5df50ae712c2b6e850b5953d5b89a29aca98ef1ae5fac4cb9225080ac319207c", - "zh:944ec6ceac2a1af58b58c270db90992d5f32614714647f6086ebc42789fa0f15", - "zh:f1e2df2f7db13b234d2cfa5d7c70054df4039532829be6ce8ed11c6f99ba0cf5", + "h1:heH/4bYgajEFQ+fwSV9Zduvpyb7eTCQUv+gl201EFg8=", + "zh:0d534bb2fed67b5b58d3adb2b0be7a9986f62b34f40eae450dafc9454fb54db8", + "zh:19f6d5f196a35500e0f1ae9d9baee44f49b90858524338a7b8aaec06d3e3a047", + "zh:1d042648d2eaffde8858a8006b944374599c5e8c2f834ae74b97adedd1468142", + "zh:278ebac38cf3c1e6df4bc5de00e931bfc04298607f428aa84a932bbf26dee421", + "zh:48f29b802e2de7e6dd2452a012c633686fce5d7ad3eadb490a7b8c0967a9ebfa", + "zh:731bf2e97c4a519723682beb2e85e065bf0bf53b2f50e2ff7b15b39ea74e37ff", + "zh:7c8187ebca19ca8f6ef82d3d79a418ccfa6574bb99e63cc930fa46ff938a7921", + "zh:82fdb2052601f6fa925195e77506fb609ce8bb4a6f6e94cf6a5058252ef570d4", + "zh:995ca23bb3765a16c6b3138b468d920acff5742b22492324c836579e3344ea40", + "zh:a970131232ad41203382f6fa3f0014a22767cbfe28cd7562346184ea6e678d63", + "zh:bf5036675a7f0b8691fe393e2782a76c7943ba17eec7255e16a31c7547436a48", 
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/local" { - version = "2.2.3" + version = "2.2.3" + constraints = "~> 2.2.0" hashes = [ "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", 
@@ -41,20 +42,21 @@ provider "registry.terraform.io/hashicorp/local" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.2.0" + version = "3.3.2" + constraints = "~> 3.3.0" hashes = [ - "h1:eeUh6cJ6wKLLuo4q9uQ0CA1Zvfqya4Wn1LecLCN8KKs=", - "zh:2960977ce9a7d6a7d3e934e75ec5814735626f95c186ad95a9102344a1a38ac1", - "zh:2fd012abfabe7076f3f2f402eeef4970e20574d20ffec57c162b02b6e848c32f", - "zh:4cd3234671cf01c913023418b227eb78b0659f2cd2e0b387be1f0bb607d29889", - "zh:52e695b4fa3fae735ffc901edff8183745f980923510a744db7616e8f10dc499", + "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=", + "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", + "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", + "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", + "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", + "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", + "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:848b4a294e5ba15192ee4bfd199c07f60a437d7572efcd2d89db036e1ebc0e6e", - "zh:9d49aa432a05748a9527e95448cebee1238c87c97c7e8dec694bfd709683f9c7", - "zh:b4ad4cf289d3f7408649b74b8639918833613f2a1f3cf51b51f4b2fdaa412dd2", - "zh:c1544c4b416096fb8d8dbf84c4488584a2844a30dd533b957e9e9e60a165f24e", - "zh:dc737d6b4591cad8c9a1d0b347e587e846d8d901789b29b4dd401b6cdf82c017", - "zh:f5645fd39f749dbbf847cbdc87ba0dbd141143f12917a6a8904faf8a9b64111e", - "zh:fdedf610e0d020878a8f1fedda8105e0c33a7e23c4792fca54460685552de308", + "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", + "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", + "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", + "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", + "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", ] } 
diff --git a/templates/shared_services/gitea/terraform/data.tf b/templates/shared_services/gitea/terraform/data.tf index 3ce9d76abb..4c2d8becd3 100644 --- a/templates/shared_services/gitea/terraform/data.tf +++ b/templates/shared_services/gitea/terraform/data.tf @@ -3,7 +3,7 @@ data "azurerm_log_analytics_workspace" "tre" { resource_group_name = local.core_resource_group_name } -data "azurerm_app_service_plan" "core" { +data "azurerm_service_plan" "core" { name = "plan-${var.tre_id}" resource_group_name = local.core_resource_group_name } @@ -52,3 +52,10 @@ data "azurerm_key_vault" "keyvault" { data "azurerm_resource_group" "rg" { name = local.core_resource_group_name } + +data "azurerm_monitor_diagnostic_categories" "webapp" { + resource_id = data.azurerm_service_plan.core.id + depends_on = [ + azurerm_linux_web_app.gitea, + ] +} diff --git a/templates/shared_services/gitea/terraform/gitea-webapp.tf b/templates/shared_services/gitea/terraform/gitea-webapp.tf index e2ccaaa07e..9fc22dd910 100644 --- a/templates/shared_services/gitea/terraform/gitea-webapp.tf +++ b/templates/shared_services/gitea/terraform/gitea-webapp.tf @@ -17,13 +17,14 @@ resource "azurerm_user_assigned_identity" "gitea_id" { lifecycle { ignore_changes = [tags] } } -resource "azurerm_app_service" "gitea" { +resource "azurerm_linux_web_app" "gitea" { name = local.webapp_name resource_group_name = local.core_resource_group_name location = data.azurerm_resource_group.rg.location - app_service_plan_id = data.azurerm_app_service_plan.core.id + service_plan_id = data.azurerm_service_plan.core.id https_only = true key_vault_reference_identity_id = azurerm_user_assigned_identity.gitea_id.id + virtual_network_subnet_id = data.azurerm_subnet.web_app.id tags = local.tre_shared_service_tags app_settings = { 
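Review bot: The new `data "azurerm_monitor_diagnostic_categories" "webapp"` queries the categories of the service plan (`resource_id = data.azurerm_service_plan.core.id`), yet it feeds the diagnostic setting whose target is the Gitea web app and its `depends_on` is on that web app, which suggests the plan id is a slip rather than the intent. The log categories of a Microsoft.Web/serverfarms resource are not those of a site, so the `dynamic "log"` driven by this data source is likely to yield none of the AppService* audit categories listed in `local.webapp_diagnostic_categories_enabled`, and the web app's HTTP and audit logs would silently stop reaching Log Analytics — worth confirming on a plan/apply. Suggest `resource_id = azurerm_linux_web_app.gitea.id`, which also makes the `depends_on` meaningful.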
@@ -59,27 +60,16 @@ resource "azurerm_app_service" "gitea" { } site_config { - linux_fx_version = "DOCKER|${data.azurerm_container_registry.mgmt_acr.login_server}/microsoft/azuretre/gitea:${local.version}" - remote_debugging_enabled = false - scm_use_main_ip_restriction = true - acr_use_managed_identity_credentials = true - acr_user_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id - ftps_state = "Disabled" - websockets_enabled = false - always_on = true - min_tls_version = "1.2" - vnet_route_all_enabled = true - - cors { - allowed_origins = [] - support_credentials = false - } - - ip_restriction { - action = "Deny" - ip_address = "0.0.0.0/0" - name = "Deny all" - priority = 2147483647 + container_registry_use_managed_identity = true + container_registry_managed_identity_client_id = azurerm_user_assigned_identity.gitea_id.client_id + ftps_state = "Disabled" + always_on = true + minimum_tls_version = "1.2" + vnet_route_all_enabled = true + + application_stack { + docker_image = "${data.azurerm_container_registry.mgmt_acr.login_server}/microsoft/azuretre/gitea" + docker_image_tag = local.version } } @@ -87,11 +77,9 @@ resource "azurerm_app_service" "gitea" { name = "gitea-data" type = "AzureFiles" account_name = data.azurerm_storage_account.gitea.name - - access_key = data.azurerm_storage_account.gitea.primary_access_key - share_name = azurerm_storage_share.gitea.name - - mount_path = "/data" + access_key = data.azurerm_storage_account.gitea.primary_access_key + share_name = azurerm_storage_share.gitea.name + mount_path = "/data" } logs { @@ -120,7 +108,7 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" { tags = local.tre_shared_service_tags private_service_connection { - private_connection_resource_id = azurerm_app_service.gitea.id + private_connection_resource_id = azurerm_linux_web_app.gitea.id name = "psc-${local.webapp_name}" subresource_names = ["sites"] is_manual_connection = false 
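Review bot: The rewritten `site_config` drops the explicit `ip_restriction` deny-all rule and `scm_use_main_ip_restriction = true` that the old `azurerm_app_service` block carried, and nothing on the new side replaces them. The private endpoint and subnet integration cover the private path, but whether public inbound to the app and its SCM/Kudu site stays blocked now rests entirely on the platform's private-endpoint behaviour rather than on a rule visible in code; if the removal is deliberate because the private endpoint makes the rule redundant, a comment saying so would stop the next reader re-asking the question. `azurerm_linux_web_app` accepts both settings in `site_config`, so they can be carried over as below. Dropping `remote_debugging_enabled = false` and `websockets_enabled = false` looks fine since, to my knowledge, both default to false on the new resource.
```hcl
site_config {
  # … unchanged: container registry identity, ftps_state, always_on, minimum_tls_version, vnet_route_all_enabled …
  scm_use_main_ip_restriction = true

  # Keep the explicit public-ingress deny: the app is reached via its private endpoint only.
  ip_restriction {
    action     = "Deny"
    ip_address = "0.0.0.0/0"
    name       = "Deny all"
    priority   = 2147483647
  }

  # … unchanged: application_stack …
}
```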
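Review bot: The re-indented Azure Files mount on the new side still passes `data.azurerm_storage_account.gitea.primary_access_key`, so the storage account key is read into Terraform state and pushed into the app's mount configuration. As far as I know App Service BYOS mounts offer no identity-based alternative, so this is probably unavoidable, but a one-line comment such as `# Azure Files mounts require the account key; it is held in state and on the app` would record that the exposure is accepted rather than overlooked. The `storage_account` block starts above the hunk.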
@@ -134,25 +122,19 @@ resource "azurerm_private_endpoint" "gitea_private_endpoint" { lifecycle { ignore_changes = [tags] } } -resource "azurerm_app_service_virtual_network_swift_connection" "gitea_integrated_vnet" { - app_service_id = azurerm_app_service.gitea.id - subnet_id = data.azurerm_subnet.web_app.id -} - resource "azurerm_monitor_diagnostic_setting" "webapp_gitea" { name = "diag-${var.tre_id}" - target_resource_id = azurerm_app_service.gitea.id + target_resource_id = azurerm_linux_web_app.gitea.id log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id dynamic "log" { - for_each = toset(["AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceFileAuditLogs", - "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs"]) + for_each = data.azurerm_monitor_diagnostic_categories.webapp.logs content { category = log.value - enabled = true + enabled = contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false retention_policy { - enabled = true + enabled = contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false days = 365 } } diff --git a/templates/shared_services/gitea/terraform/locals.tf b/templates/shared_services/gitea/terraform/locals.tf index b20736b615..c94d50a73e 100644 --- a/templates/shared_services/gitea/terraform/locals.tf +++ b/templates/shared_services/gitea/terraform/locals.tf @@ -11,4 +11,8 @@ locals { tre_id = var.tre_id tre_shared_service_id = var.tre_resource_id } + webapp_diagnostic_categories_enabled = [ + "AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceFileAuditLogs", + "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs" + ] } diff --git a/templates/shared_services/gitea/terraform/main.tf b/templates/shared_services/gitea/terraform/main.tf index 129c0dc674..204336e711 100644 
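Review bot: In the `dynamic "log"` block, `contains(local.webapp_diagnostic_categories_enabled, log.value) ? true : false` on both `enabled` lines is a redundant conditional, since `contains()` already returns a bool; `enabled = contains(local.webapp_diagnostic_categories_enabled, log.value)` reads more directly. Note also that the categories emitted are now whatever the data source returns, filtered by a fixed allow-list, so any category the platform adds later is created as disabled until someone extends the local — a short comment on `webapp_diagnostic_categories_enabled` stating that it is an allow-list would make that explicit. The `azurerm_monitor_diagnostic_setting` resource continues past the end of the hunk.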
--- a/templates/shared_services/gitea/terraform/main.tf +++ b/templates/shared_services/gitea/terraform/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.16.0" + version = "=3.20.0" } local = { source = "hashicorp/local" @@ -11,7 +11,7 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.2.0" + version = "~> 3.3.0" } } diff --git a/templates/shared_services/gitea/terraform/mysql.tf b/templates/shared_services/gitea/terraform/mysql.tf index 427429922b..182d50fc95 100644 --- a/templates/shared_services/gitea/terraform/mysql.tf +++ b/templates/shared_services/gitea/terraform/mysql.tf @@ -24,7 +24,7 @@ resource "azurerm_mysql_server" "gitea" { ssl_minimal_tls_version_enforced = "TLS1_2" tags = local.tre_shared_service_tags - lifecycle { ignore_changes = [tags] } + lifecycle { ignore_changes = [tags, threat_detection_policy] } } resource "azurerm_mysql_database" "gitea" { diff --git a/templates/shared_services/gitea/terraform/outputs.tf b/templates/shared_services/gitea/terraform/outputs.tf index b9bcc724d0..8c5ec57218 100644 --- a/templates/shared_services/gitea/terraform/outputs.tf +++ b/templates/shared_services/gitea/terraform/outputs.tf @@ -1,5 +1,5 @@ output "gitea_fqdn" { - value = azurerm_app_service.gitea.default_site_hostname + value = azurerm_linux_web_app.gitea.default_hostname } output "address_prefixes" { From f885395284b28997544caa83f31fb5d523489bc3 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 28 Aug 2022 12:00:13 +0000 Subject: [PATCH 2/3] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11b24ab63e..d4fc32877a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
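Review bot: Adding `threat_detection_policy` to `ignore_changes` on `azurerm_mysql_server.gitea` means Terraform will no longer reconcile that block, so if threat detection is disabled out of band, or never enabled, the template will not notice or restore it. The hunk does not show the block being set on this resource (the resource body starts above the hunk), so the intent is unclear from here: if the policy is deliberately managed outside Terraform, record that with `# threat_detection_policy is managed outside Terraform; drift is intentionally not reconciled here`; otherwise set it explicitly in the resource and drop the ignore.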
@@ -14,6 +14,7 @@ FEATURES: ENHANCEMENTS: * Adding Log Analytics & Antimalware VM extensions ([#2520](https://github.com/microsoft/AzureTRE/pull/2520)) +* Gitea shared service support app-service standard SKUs ([#2523](https://github.com/microsoft/AzureTRE/pull/2523)) BUG FIXES: From 6c8238b60539d395dde32036e0b65f44f1788dd5 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 28 Aug 2022 12:31:08 +0000 Subject: [PATCH 3/3] lint --- templates/shared_services/gitea/terraform/locals.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/shared_services/gitea/terraform/locals.tf b/templates/shared_services/gitea/terraform/locals.tf index c94d50a73e..d5cc148fcf 100644 --- a/templates/shared_services/gitea/terraform/locals.tf +++ b/templates/shared_services/gitea/terraform/locals.tf @@ -2,7 +2,6 @@ locals { core_vnet = "vnet-${var.tre_id}" core_resource_group_name = "rg-${var.tre_id}" webapp_name = "gitea-${var.tre_id}" - firewall_name = "fw-${var.tre_id}" storage_account_name = lower(replace("stg-${var.tre_id}", "-", "")) keyvault_name = "kv-${var.tre_id}" version = replace(replace(replace(data.local_file.version.content, "__version__ = \"", ""), "\"", ""), "\n", "")