Remove doker env variables (#2675)

* terraform init in core/ops shouldn't use -upgrade

* update terraform in devcontainer

* always refresh

* tflint

* update changelog

* Remove doker env variables

* update changelog

CHANGELOG.md

@@ -23,6 +23,7 @@ ENHANCEMENTS:
 * Cancelling an Airlock request triggers deletion of the request container and files ([#2584](https://github.com/microsoft/AzureTRE/pull/2584))
 * Airlock requests with status "blocked_by_scan" have the reason for being blocked by the malware scanner in the status_message field ([#2666](https://github.com/microsoft/AzureTRE/pull/2666))
 * Move admin-vm from core to a shared service ([#2624](https://github.com/microsoft/AzureTRE/pull/2624))
+* Remove obsolete docker environment variables ([#2675](https://github.com/microsoft/AzureTRE/pull/2675))
 
 BUG FIXES:
 

templates/core/terraform/api-webapp.tf

@@ -73,7 +73,7 @@ resource "azurerm_linux_web_app" "api" {
     ftps_state                                    = "Disabled"
 
     application_stack {
-      docker_image     = "${var.docker_registry_server}/${var.api_image_repository}"
+      docker_image     = "${local.docker_registry_server}/${var.api_image_repository}"
       docker_image_tag = local.version
     }
 

templates/core/terraform/deploy.sh

@@ -5,13 +5,6 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
-# This variables are loaded in for us
-# shellcheck disable=SC2154
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username="${TF_VAR_acr_name}"
-TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g')
-export TF_VAR_docker_registry_password
-
 # This is where we can migrate any Terraform before we plan and apply
 # For instance deprecated Terraform resources
 ./migrate.sh

templates/core/terraform/destroy.sh

@@ -5,11 +5,9 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g')
-
-../../../devops/scripts/terraform_wrapper.sh -g $TF_VAR_mgmt_resource_group_name \
-                                             -s $TF_VAR_mgmt_storage_account_name \
-                                             -n $TF_VAR_terraform_state_container_name \
-                                             -k $TRE_ID -c "terraform destroy -auto-approve"
+# This variables are loaded in for us
+# shellcheck disable=SC2154
+../../../devops/scripts/terraform_wrapper.sh -g "${TF_VAR_mgmt_resource_group_name}" \
+                                             -s "${TF_VAR_mgmt_storage_account_name}" \
+                                             -n "${TF_VAR_terraform_state_container_name}" \
+                                             -k "${TRE_ID}" -c "terraform destroy -auto-approve"

templates/core/terraform/import.sh

@@ -1,15 +1,17 @@
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g')
+#!/bin/bash
 
-export TF_LOG=""
-
-cd ./templates/core/terraform/
+set -o errexit
+set -o pipefail
+set -o nounset
+# set -o xtrace
 
-terraform init -input=false -backend=true -reconfigure -upgrade \
-    -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
-    -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
-    -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
-    -backend-config="key=${TRE_ID}"
+export TF_LOG=""
 
-terraform import ...
+# This variables are loaded in for us
+# shellcheck disable=SC2154
+../../../devops/scripts/terraform_wrapper.sh \
+  -g "${TF_VAR_mgmt_resource_group_name}" \
+  -s "${TF_VAR_mgmt_storage_account_name}" \
+  -n "${TF_VAR_terraform_state_container_name}" \
+  -k "${TRE_ID}" \
+  -c "terraform import ..."

templates/core/terraform/locals.tf

@@ -8,4 +8,5 @@ locals {
     "AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceFileAuditLogs",
     "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs"
   ]
+  docker_registry_server = "${var.acr_name}.azurecr.io"
 }

templates/core/terraform/main.tf

@@ -105,7 +105,7 @@ module "airlock_resources" {
   resource_group_name                   = azurerm_resource_group.core.name
   airlock_storage_subnet_id             = module.network.airlock_storage_subnet_id
   airlock_events_subnet_id              = module.network.airlock_events_subnet_id
-  docker_registry_server                = var.docker_registry_server
+  docker_registry_server                = local.docker_registry_server
   mgmt_resource_group_name              = var.mgmt_resource_group_name
   mgmt_acr_name                         = var.acr_name
   api_principal_id                      = azurerm_user_assigned_identity.id.principal_id
@@ -135,7 +135,7 @@ module "resource_processor_vmss_porter" {
   acr_id                                           = data.azurerm_container_registry.mgmt_acr.id
   app_insights_connection_string                   = module.azure_monitor.app_insights_connection_string
   resource_processor_subnet_id                     = module.network.resource_processor_subnet_id
-  docker_registry_server                           = var.docker_registry_server
+  docker_registry_server                           = local.docker_registry_server
   resource_processor_vmss_porter_image_repository  = var.resource_processor_vmss_porter_image_repository
   service_bus_namespace_id                         = azurerm_servicebus_namespace.sb.id
   service_bus_resource_request_queue               = azurerm_servicebus_queue.workspacequeue.name

templates/core/terraform/outputs.tf

@@ -69,7 +69,7 @@ output "terraform_state_container_name" {
 }
 
 output "registry_server" {
-  value = var.docker_registry_server
+  value = local.docker_registry_server
 }
 
 output "event_grid_status_changed_topic_endpoint" {

templates/core/terraform/variables.tf

@@ -65,11 +65,6 @@ variable "resource_processor_number_processes_per_instance" {
   description = "The number of CPU processes to run the RP on per VM instance"
 }
 
-variable "docker_registry_server" {
-  type        = string
-  description = "Docker registry server"
-}
-
 variable "swagger_ui_client_id" {
   type        = string
   description = "The client id (app id) of the registration in Azure AD for the Swagger UI"

templates/core/version.txt

@@ -1 +1 @@
-__version__ = "0.4.29"
+__version__ = "0.4.30"

templates/shared_services/admin-vm/terraform/deploy.sh

@@ -6,15 +6,6 @@ set -o nounset
 # Uncomment this line to see each command for debugging (careful: this will show secrets!)
 # set -o xtrace
 
-
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username="${TF_VAR_acr_name}"
-TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g')
-export TF_VAR_docker_registry_password
-
 export TF_LOG=""
 
 # This script assumes you have created an .env from the sample and the variables
@@ -24,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
     -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
-    -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id"
+    -backend-config="key=${TRE_ID}-adminvm"
 terraform plan
 terraform apply -auto-approve

templates/shared_services/admin-vm/terraform/destroy.sh

@@ -6,14 +6,6 @@ set -o nounset
 # Uncomment this line to see each command for debugging (careful: this will show secrets!)
 # set -o xtrace
 
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g')
-export TF_VAR_docker_registry_password
-
 export TF_LOG=""
 
 # This script assumes you have created an .env from the sample and the variables
@@ -23,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
     -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
-    -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id"
+    -backend-config="key=${TRE_ID}-adminvm"
 
 terraform destroy -auto-approve

templates/shared_services/gitea/terraform/deploy.sh

@@ -1,9 +1,16 @@
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g')
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
 
 export TF_LOG=""
 
+# This script assumes you have created an .env from the sample and the variables
+# will come from there.
+# shellcheck disable=SC2154
 terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \

templates/shared_services/gitea/terraform/destroy.sh

@@ -1,9 +1,16 @@
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g')
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
 
 export TF_LOG=""
 
+# This script assumes you have created an .env from the sample and the variables
+# will come from there.
+# shellcheck disable=SC2154
 terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \

templates/workspace_services/gitea/terraform/deploy.sh

@@ -1,13 +1,10 @@
 #!/bin/bash
-set -e
 
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g')
-export TF_VAR_docker_registry_password
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
 
 export TF_LOG=""
 
@@ -18,6 +15,7 @@ terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
     -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
-    -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id"
+    -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}"
+
 terraform plan
 terraform apply -auto-approve

templates/workspace_services/gitea/terraform/destroy.sh

@@ -1,13 +1,10 @@
 #!/bin/bash
-set -e
 
-# This script assumes you have created an .env from the sample and the variables
-# will come from there.
-# shellcheck disable=SC2154
-export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io"
-export TF_VAR_docker_registry_username=$TF_VAR_acr_name
-TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g')
-export TF_VAR_docker_registry_password
+set -o errexit
+set -o pipefail
+set -o nounset
+# Uncomment this line to see each command for debugging (careful: this will show secrets!)
+# set -o xtrace
 
 export TF_LOG=""
 
@@ -18,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \
     -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \
     -backend-config="container_name=$TF_VAR_terraform_state_container_name" \
-    -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id"
+    -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}"
 
 terraform destroy -auto-approve