
Changes to fix dependency issues and app insights TF issues #3581

Merged
merged 11 commits into from
Jul 20, 2023
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -22,6 +22,7 @@ BUG FIXES:
* Fix airlock_notifier not getting the right smtp password ([#3561](https://github.com/microsoft/AzureTRE/issues/3561))
* Fix issue when deleting failed resources gives no steps ([#3567](https://github.com/microsoft/AzureTRE/issues/3567))
* Fix airlock_notifier not getting the right smtp password ([#3565](https://github.com/microsoft/AzureTRE/issues/3565))
* Fix issues with networking dependancies and AMPLS deployment ([#3433](https://github.com/microsoft/AzureTRE/issues/3433))
marrobi marked this conversation as resolved.

COMPONENTS:

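--- a/core/terraform/servicebus.tf
+++ b/core/terraform/servicebus.tf
@@ -66,6 +66,11 @@ resource "azurerm_private_endpoint" "sbpe" {
 is_manual_connection = false
 subresource_names = ["namespace"]
 }
+
+# private endpoints in serial
+depends_on = [
+azurerm_private_endpoint.filepe
+]
 }
 
 # Block public access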
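Review bot: The comment `# private endpoints in serial` on the new `depends_on` says what the ordering is but not why it is needed, so a later cleanup could remove a link without knowing what breaks. The same comment is repeated on the two `depends_on` blocks added in core/terraform/storage.tf, and together they form one chain (kvpe, blobpe, filepe, sbpe) whose first resource is defined outside the lines shown. I would state the reason and the full order once, for example `# Private endpoints are created one at a time: kvpe -> blobpe -> filepe -> sbpe (see #3433)`, if #3433 is indeed the issue this ordering addresses; the page does not say so for these files.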
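--- a/core/terraform/storage.tf
+++ b/core/terraform/storage.tf
@@ -34,6 +34,11 @@ resource "azurerm_private_endpoint" "blobpe" {
 is_manual_connection = false
 subresource_names = ["Blob"]
 }
+
+# private endpoints in serial
+depends_on = [
+azurerm_private_endpoint.kvpe
+]
 }
 
 resource "azurerm_private_endpoint" "filepe" {
@@ -56,4 +61,9 @@ resource "azurerm_private_endpoint" "filepe" {
 is_manual_connection = false
 subresource_names = ["file"]
 }
+
+# private endpoints in serial
+depends_on = [
+azurerm_private_endpoint.blobpe
+]
 }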
2 changes: 1 addition & 1 deletion core/version.txt
@@ -1 +1 @@
__version__ = "0.8.1"
__version__ = "0.8.2"
6 changes: 3 additions & 3 deletions templates/workspaces/base/porter.yaml
@@ -1,7 +1,7 @@
---
schemaVersion: 1.0.0
name: tre-workspace-base
version: 1.3.0
version: 1.4.4
description: "A base Azure TRE workspace"
dockerfile: Dockerfile.tmpl
registry: azuretre
Expand Down Expand Up @@ -146,9 +146,9 @@ outputs:
mixins:
- exec
- terraform:
clientVersion: 1.4.4
clientVersion: 1.4.6
- az:
clientVersion: 2.37.0
clientVersion: 2.49.0

install:
- terraform:
39 changes: 31 additions & 8 deletions templates/workspaces/base/terraform/azure-monitor/azure-monitor.tf
Expand Up @@ -44,18 +44,41 @@ resource "azurerm_log_analytics_linked_storage_account" "workspace_storage_custo
storage_account_ids = [azurerm_storage_account.app_insights.id]
}

resource "azurerm_monitor_private_link_scope" "workspace" {
name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
resource_group_name = var.resource_group_name
tags = var.tre_workspace_tags
# TODO: Swith to azurerm once the issue is resolved
marrobi marked this conversation as resolved.
# resource "azurerm_monitor_private_link_scope" "workspace" {
# name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
# resource_group_name = var.resource_group_name
# tags = var.tre_workspace_tags

# lifecycle { ignore_changes = [tags] }
# }

resource "azapi_resource" "pls_workspace" {
marrobi marked this conversation as resolved.
type = "microsoft.insights/privateLinkScopes@2021-07-01-preview"
name = "ampls-${var.tre_id}-ws-${local.short_workspace_id}"
parent_id = var.resource_group_id
location = "global"
tags = var.tre_workspace_tags

body = jsonencode({
properties = {
accessModeSettings = {
ingestionAccessMode = "PrivateOnly"
queryAccessMode = "PrivateOnly"
marrobi marked this conversation as resolved.
}
}
})

response_export_values = [
"id"
]

lifecycle { ignore_changes = [tags] }
}

resource "azurerm_monitor_private_link_scoped_service" "ampls_log_anaytics" {
name = "ampls-log-anaytics-service"
resource_group_name = var.resource_group_name
scope_name = azurerm_monitor_private_link_scope.workspace.name
scope_name = azapi_resource.pls_workspace.name
linked_resource_id = azurerm_log_analytics_workspace.workspace.id
}

Expand Down Expand Up @@ -106,7 +129,7 @@ resource "azapi_resource" "appinsights" {
resource "azurerm_monitor_private_link_scoped_service" "ampls_app_insights" {
name = "ampls-app-insights-service"
resource_group_name = var.resource_group_name
scope_name = azurerm_monitor_private_link_scope.workspace.name
scope_name = azapi_resource.pls_workspace.name

# linked_resource_id = azurerm_application_insights.workspace.id
linked_resource_id = jsondecode(azapi_resource.appinsights.output).id
Expand All @@ -122,7 +145,7 @@ resource "azurerm_private_endpoint" "azure_monitor_private_endpoint" {
lifecycle { ignore_changes = [tags] }

private_service_connection {
private_connection_resource_id = azurerm_monitor_private_link_scope.workspace.id
private_connection_resource_id = jsondecode(azapi_resource.pls_workspace.output).id
name = "psc-ampls-${var.tre_id}-ws-${local.short_workspace_id}"
subresource_names = ["azuremonitor"]
is_manual_connection = false
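Review bot: The `accessModeSettings` block in `azapi_resource.pls_workspace` sets both `ingestionAccessMode` and `queryAccessMode` to `"PrivateOnly"`, but nothing records that this is a deliberate network-isolation control. The commented-out `azurerm_monitor_private_link_scope` that the TODO says to return to carries no access-mode arguments at all. If that block is restored as written, the resulting access mode would depend on provider defaults rather than on this file. I would add `# PrivateOnly is intentional: keep both access modes when moving back to azurerm` above `accessModeSettings`, and have the TODO name the issue it waits on, e.g. `# TODO: switch to azurerm once <ISSUE-REF> is resolved`.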
13 changes: 12 additions & 1 deletion templates/workspaces/base/terraform/network/network.tf
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,11 @@ resource "azurerm_virtual_network_peering" "ws_core_peer" {
triggers = {
remote_address_space = join(",", data.azurerm_virtual_network.core.address_space)
}

# meant to resolve AnotherOperation errors with one operation in the vnet at a time
depends_on = [
azurerm_subnet.webapps
]
}

moved {
Expand All @@ -67,6 +72,12 @@ resource "azurerm_virtual_network_peering" "core_ws_peer" {
triggers = {
remote_address_space = join(",", azurerm_virtual_network.ws.address_space)
}

# meant to resolve AnotherOperation errors with one operation in the vnet at a time
depends_on = [
azurerm_virtual_network_peering.ws_core_peer
]

}

moved {
Expand All @@ -79,7 +90,7 @@ resource "azurerm_subnet_route_table_association" "rt_services_subnet_associatio
subnet_id = azurerm_subnet.services.id
depends_on = [
# meant to resolve AnotherOperation errors with one operation in the vnet at a time
azurerm_subnet.webapps
azurerm_virtual_network_peering.core_ws_peer
]
}

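Review bot: The three `depends_on` entries in this file build a single ordering (`azurerm_subnet.webapps`, then `ws_core_peer`, then `core_ws_peer`, then `rt_services_subnet_association`), but each carries only the same one-line comment, so the chain has to be reconstructed by reading all three resources. That reading assumes the `azurerm_virtual_network_peering.core_ws_peer` entry in `rt_services_subnet_association` is the new side, which the rendered page does not mark. A comment giving the whole order in one place would help, for example `# VNet operations run one at a time: subnets -> ws_core_peer -> core_ws_peer -> route table association`. The `core_ws_peer` block also gains a stray empty line before its closing brace that the other blocks do not have.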
9 changes: 8 additions & 1 deletion templates/workspaces/base/terraform/storage.tf
Expand Up @@ -25,6 +25,11 @@ resource "azurerm_storage_container" "stgcontainer" {
name = "datalake"
storage_account_name = azurerm_storage_account.stg.name
container_access_type = "private"

depends_on = [
azurerm_private_endpoint.stgblobpe,
azurerm_storage_account_network_rules.stgrules
]
}

resource "azurerm_storage_account_network_rules" "stgrules" {
Expand All @@ -43,7 +48,7 @@ resource "azurerm_private_endpoint" "stgfilepe" {
tags = local.tre_workspace_tags

depends_on = [
module.network,
module.network
]

lifecycle { ignore_changes = [tags] }
Expand All @@ -70,6 +75,7 @@ resource "azurerm_private_endpoint" "stgblobpe" {

depends_on = [
module.network,
azurerm_private_endpoint.stgfilepe
marrobi marked this conversation as resolved.
]

lifecycle { ignore_changes = [tags] }
Expand All @@ -96,6 +102,7 @@ resource "azurerm_private_endpoint" "stgdfspe" {

depends_on = [
module.network,
azurerm_private_endpoint.stgblobpe
]

lifecycle { ignore_changes = [tags] }
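Review bot: The new `depends_on` on `azurerm_storage_container.stgcontainer` waits for both `stgblobpe` and `stgrules`, yet has no comment saying why the container must come after the network rules and the blob private endpoint. The ordering looks security-relevant (presumably the container can only be created once the private path exists and the rules are in place), so it is worth recording: `# create the container only after the network rules and the blob private endpoint exist`. The endpoint chain added below (`stgfilepe`, `stgblobpe`, `stgdfspe`) is likewise uncommented, unlike the `# private endpoints in serial` comments in core/terraform. The `stgrules` block continues outside the hunk.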