From 90f37ada81b1add959cc648a6bd615a286bfcfab Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Wed, 28 Dec 2022 06:51:17 +0000 Subject: [PATCH 1/4] new state store/cosmos to serverless --- core/terraform/deploy.sh | 3 ++- core/terraform/migrate.sh | 11 +++++++++++ core/terraform/network/outputs.tf | 4 ---- core/terraform/statestore.tf | 9 ++++++++- core/terraform/variables.tf | 5 +++++ core/version.txt | 2 +- 6 files changed, 27 insertions(+), 7 deletions(-) diff --git a/core/terraform/deploy.sh b/core/terraform/deploy.sh index 5ba0f9d6ed..e71fb14ae1 100755 --- a/core/terraform/deploy.sh +++ b/core/terraform/deploy.sh @@ -7,7 +7,8 @@ set -o nounset # This is where we can migrate any Terraform before we plan and apply # For instance deprecated Terraform resources -./migrate.sh +# shellcheck disable=SC1091 +source ./migrate.sh PLAN_FILE="tfplan$$" TS=$(date +"%s") diff --git a/core/terraform/migrate.sh b/core/terraform/migrate.sh index 95dd416a42..b498503a89 100755 --- a/core/terraform/migrate.sh +++ b/core/terraform/migrate.sh @@ -158,4 +158,15 @@ if [ -n "${api_vnet_integration}" ]; then terraform apply -input=false -auto-approve ${PLAN_FILE}" fi +# this isn't a classic migration, but impacts how terraform handles the deployment in the next phase +state_store_serverless=$(echo "${terraform_show_json}" \ + | jq 'select(.values.root_module.resources != null) | .values.root_module.resources[] | select(.address=="azurerm_cosmosdb_account.tre_db_account") | any(.values.capabilities[]; .name=="EnableServerless")') +# false = resource EXITS in the state WITHOUT the serverless capability. +# true = exists with the capability, empty value = resource doesn't exist. +if [ "${state_store_serverless}" == "false" ]; then + echo "Identified CosmosDB with defined throughput." + TF_VAR_is_cosmos_defined_throughput="true" + export TF_VAR_is_cosmos_defined_throughput +fi + echo "*** Migration is done. ***" 
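Review bot: The reason migrate.sh must now be sourced is not recorded at the call site in core/terraform/deploy.sh; the added `# shellcheck disable=SC1091` only silences the linter. Add a comment such as `# Sourced, not executed: migrate.sh exports TF_VAR_is_cosmos_defined_throughput, which the terraform plan/apply below must see`. Sourcing also means every variable, shell option and `exit` in migrate.sh now acts on deploy.sh's own shell. For example `terraform_show_json`, which migrate.sh appears to fill with state output, stays in scope for the rest of the deployment, so an `unset terraform_show_json` at the end of migrate.sh is worth considering if the state holds sensitive values.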
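Review bot: The jq filter in the block added to core/terraform/migrate.sh iterates `.values.capabilities[]` unguarded, so an account whose state records `capabilities` as null makes jq fail with an iteration error instead of printing `false`; `any(.values.capabilities[]?; .name=="EnableServerless")` keeps the intended result for that case. An empty result is read as "resource doesn't exist", but an empty or unexpected `terraform_show_json` (set outside this hunk) would presumably produce the same empty value. The deployment would then fall back to the serverless default against an existing account, so a check that `terraform_show_json` is non-empty before this test would make that case visible. The comment also has a typo, `EXITS` for `EXISTS`.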
diff --git a/core/terraform/network/outputs.tf b/core/terraform/network/outputs.tf index 752cfb0a05..5864bc529e 100644 --- a/core/terraform/network/outputs.tf +++ b/core/terraform/network/outputs.tf @@ -40,10 +40,6 @@ output "resource_processor_subnet_id" { # DNS Zones -output "private_dns_zone_mysql_id" { - value = azurerm_private_dns_zone.mysql.id -} - output "azure_monitor_dns_zone_id" { value = azurerm_private_dns_zone.azure_monitor.id } diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf index 8727baaf0b..d433a25045 100644 --- a/core/terraform/statestore.tf +++ b/core/terraform/statestore.tf @@ -8,6 +8,14 @@ resource "azurerm_cosmosdb_account" "tre_db_account" { ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" tags = local.tre_core_tags + dynamic "capabilities" { + # We can't change an existing cosmos + for_each = var.is_cosmos_defined_throughput ? [] : [1] + content { + name = "EnableServerless" + } + } + consistency_policy { consistency_level = "BoundedStaleness" max_interval_in_seconds = 10 @@ -31,7 +39,6 @@ resource "azurerm_cosmosdb_sql_database" "tre_db" { name = "AzureTRE" resource_group_name = azurerm_resource_group.core.name account_name = azurerm_cosmosdb_account.tre_db_account.name - throughput = 400 } moved { diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf index 66f6c429eb..03cf8b75a5 100644 --- a/core/terraform/variables.tf +++ b/core/terraform/variables.tf @@ -165,3 +165,8 @@ variable "rp_bundle_values" { type = map(string) default = {} } + +variable "is_cosmos_defined_throughput" { + type = bool + default = false +} diff --git a/core/version.txt b/core/version.txt index dd9b22cccc..722515271f 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.5.1" +__version__ = "0.5.2" From c9a99225f992edcae4aba757e4b3bc83e90abddd Mon Sep 17 00:00:00 2001 
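Review bot: Whether the `capabilities` block is emitted in `azurerm_cosmosdb_account.tre_db_account` depends only on `var.is_cosmos_defined_throughput`, which defaults to `false`, so a plan on an existing provisioned-throughput account that does not pass through migrate.sh's detection would propose adding `EnableServerless`. The in-line comment says an existing account can't be changed, and the provider may turn that into a replacement of the state-store account (not verifiable from this diff), so `lifecycle { prevent_destroy = true }` on the resource would be a sensible backstop. The comment could also name the mechanism: `# Capabilities can't be changed on an existing account; migrate.sh sets is_cosmos_defined_throughput when the account in state lacks EnableServerless`. The resource block starts before and continues after this hunk.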
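Review bot: `is_cosmos_defined_throughput`, added at the end of core/terraform/variables.tf, has no `description`, and nothing tells an operator that it is meant to be set by migrate.sh rather than by hand. Add `description = "Set by migrate.sh when the existing Cosmos DB account was created with provisioned throughput; leave unset for new deployments."`.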
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Wed, 28 Dec 2022 08:50:13 +0000 Subject: [PATCH 2/4] remove data objects --- core/terraform/storage.tf | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/core/terraform/storage.tf b/core/terraform/storage.tf index 22ba892c66..b15504d49d 100644 --- a/core/terraform/storage.tf +++ b/core/terraform/storage.tf @@ -15,15 +15,6 @@ resource "azurerm_storage_share" "storage_state_path" { quota = 50 } -data "azurerm_private_dns_zone" "blobcore" { - name = "privatelink.blob.core.windows.net" - resource_group_name = azurerm_resource_group.core.name - - depends_on = [ - module.network, - ] -} - resource "azurerm_private_endpoint" "blobpe" { name = "pe-blob-${var.tre_id}" location = azurerm_resource_group.core.location @@ -34,7 +25,7 @@ resource "azurerm_private_endpoint" "blobpe" { private_dns_zone_group { name = "private-dns-zone-group-blobcore" - private_dns_zone_ids = [data.azurerm_private_dns_zone.blobcore.id] + private_dns_zone_ids = [module.network.blob_core_dns_zone_id] } private_service_connection { @@ -45,15 +36,6 @@ resource "azurerm_private_endpoint" "blobpe" { } } -data "azurerm_private_dns_zone" "filecore" { - name = "privatelink.file.core.windows.net" - resource_group_name = azurerm_resource_group.core.name - - depends_on = [ - module.network, - ] -} - resource "azurerm_private_endpoint" "filepe" { name = "pe-file-${var.tre_id}" location = azurerm_resource_group.core.location @@ -65,7 +47,7 @@ resource "azurerm_private_endpoint" "filepe" { private_dns_zone_group { name = "private-dns-zone-group-filecore" - private_dns_zone_ids = [data.azurerm_private_dns_zone.filecore.id] + private_dns_zone_ids = [module.network.file_core_dns_zone_id] } private_service_connection { From af531ccbcf30a81ddd922278dcb7b6f51da7d172 Mon Sep 17 00:00:00 2001 
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Thu, 29 Dec 2022 06:15:11 +0000 Subject: [PATCH 3/4] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 934ba7133e..23714ccf16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ ENHANCEMENTS: * Add the ability for workspace services to request addional address spaces from a workspace ([#2902](https://github.com/microsoft/AzureTRE/pull/2902)) * Airlock processor function and api app service work with http2 * Added the option to disable Swagger ([#2981](https://github.com/microsoft/AzureTRE/pull/2981)) +* Serverless CosmosDB for new deployments to reduce cost ([#3029](https://github.com/microsoft/AzureTRE/pull/3029)) BUG FIXES: From b865ed746d91849a66de4c32cf2c1b8194932f45 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Thu, 29 Dec 2022 06:19:02 +0000 Subject: [PATCH 4/4] lint --- core/terraform/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/terraform/variables.tf b/core/terraform/variables.tf index 03cf8b75a5..c39336ec97 100644 --- a/core/terraform/variables.tf +++ b/core/terraform/variables.tf @@ -167,6 +167,6 @@ variable "rp_bundle_values" { } variable "is_cosmos_defined_throughput" { - type = bool + type = bool default = false }