From 1de8f60d83111389ea57926c614840afea5721ef Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Fri, 30 Sep 2022 08:43:17 +0000 Subject: [PATCH 1/7] terraform init in core/ops shouldn't use -upgrade --- devops/scripts/terraform_wrapper.sh | 2 +- devops/terraform/bootstrap.sh | 2 +- devops/terraform/deploy.sh | 2 +- templates/core/terraform/.terraform.lock.hcl | 55 ++++++++++---------- templates/core/terraform/main.tf | 4 +- templates/core/terraform/migrate.sh | 9 ++-- templates/core/terraform/outputs.sh | 2 +- templates/core/version.txt | 2 +- 8 files changed, 41 insertions(+), 37 deletions(-) diff --git a/devops/scripts/terraform_wrapper.sh b/devops/scripts/terraform_wrapper.sh index c011e4e57e..efa02a8078 100755 --- a/devops/scripts/terraform_wrapper.sh +++ b/devops/scripts/terraform_wrapper.sh @@ -91,7 +91,7 @@ if [[ -z ${tf_logfile+x} ]]; then echo -e "No logfile provided, using ${tf_logfile}\n" fi -terraform init -input=false -backend=true -reconfigure -upgrade \ +terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=${mgmt_resource_group_name}" \ -backend-config="storage_account_name=${mgmt_storage_account_name}" \ -backend-config="container_name=${container_name}" \ diff --git a/devops/terraform/bootstrap.sh b/devops/terraform/bootstrap.sh index dd80873322..f860b7341f 100755 --- a/devops/terraform/bootstrap.sh +++ b/devops/terraform/bootstrap.sh @@ -33,7 +33,7 @@ BOOTSTRAP_BACKEND # Set up Terraform echo -e "\n\e[34m»»» ✨ \e[96mTerraform init\e[0m..." -terraform init -input=false -backend=true -reconfigure -upgrade +terraform init -input=false -backend=true -reconfigure # Import the storage account & res group into state echo -e "\n\e[34m»»» 📤 \e[96mImporting resources to state\e[0m..." diff --git a/devops/terraform/deploy.sh b/devops/terraform/deploy.sh index f9cabcb90d..bd8c59657d 100755 --- a/devops/terraform/deploy.sh +++ b/devops/terraform/deploy.sh @@ -7,7 +7,7 @@ set -o nounset PLAN_FILE="devops.tfplan" -terraform init -input=false -backend=true -reconfigure -upgrade +terraform init -input=false -backend=true -reconfigure terraform plan -out ${PLAN_FILE} terraform apply -auto-approve ${PLAN_FILE} diff --git a/templates/core/terraform/.terraform.lock.hcl b/templates/core/terraform/.terraform.lock.hcl index 6bfb40419c..0244cb279e 100644 --- a/templates/core/terraform/.terraform.lock.hcl +++ b/templates/core/terraform/.terraform.lock.hcl @@ -22,21 +22,22 @@ provider "registry.terraform.io/hashicorp/azurerm" { } provider "registry.terraform.io/hashicorp/http" { - version = "3.0.1" + version = "3.1.0" + constraints = "~> 3.1.0" hashes = [ - "h1:4N7YctkZrU+K2AvUF57c1qUvoD92bBJj6vXwf/FKMhM=", - "zh:3b161998147d8cc3986a1580ddb065009ab628747424934cbcb9d221783541f8", - "zh:62c78b565cde08d8e3b98e8138cd8e46b50fdc2ddc560ac1f62b5646ce8e9b1f", - "zh:69ba560cd6360a285e83e1c220ab140d3119371850756ff2ed0abe39d362ea49", + "h1:0QHdTeDcRFKD4YybtVl1F95/qo8n4DY5fANQVYBvt10=", + "zh:04160b9c74dfe105f64678c0521279cda6516a3b8cdb6748078318af64563faf", + "zh:2d9b4df29aab50496b6371d925d6d6b3c45788850599fd7ba553411abc9c8326", + "zh:3d36344fae7cfafabfb7fd1108916d7251dcfd550d13b129c25437b43bc2e461", + "zh:58ea39aab145edb067f0fe183c2def1bfc93b57bd9ab0289074dba511bc17644", + "zh:6e2d491f02ba4e4134ca8a8cb7312b3a691bdad80a33a29f69d58a5740fade0c", + "zh:70a8d3fa67fd5a5fb5d9baba22be01986e38dd0f84f1e40f341fe55b491b0a03", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:95f38aebfa176a3424a329bc0f2e958bcf5a1f98d91dee21a436ca670fb2d570", - "zh:97eae729eb859948201d4393761f5c1a7ffe84046473527f65163f062d9af5d9", - "zh:b42de839114707e2fcfdf5ebf3a89129e5e17ebb5f84651c5775daecd776dc3b", - "zh:c47fa93605b8378504008534e0057e295d209a2128553c7b1bcc4fc7f6efafa2", - "zh:d9d4fe5143f80c1ccf22b055f069445ab7470942bb46027dadda8f3bc62d2780", - "zh:f051820764c50f4736d21e40d9b13a1ffde678748a9e6e1ef22a26adf27db9bf", - "zh:f67c9b73998fce13e94623be9b7afe89b30e3e6d34b504f765a344b11b8808b8", - "zh:f7d255dac5a73d30c7e629699fdf064decf705cd701d29e2120cef7bf0fb1d7f", + "zh:88490f4c31bebc185f4eb7b8e3a79e3b5f92b1343f6b0c14a5c5d8c5e1de9261", + "zh:8a2ba55c5621e28faed582218213812803481765f8faea681c5c3edc61646889", + "zh:8c401d8e0c99d9733287c5ad1309692d5c7e166af6711164ad41e3579f48e45f", + "zh:ce344855648da2c575ceb7b3af18e98519d46629e6eb20358f022370745a76d2", + "zh:f9f9fe99000bc7c6b778ce23e5fe16375acad644aa1b4b4894b3cb2e9a2c7903", ] } @@ -81,22 +82,22 @@ provider "registry.terraform.io/hashicorp/null" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.3.2" - constraints = ">= 3.0.0, ~> 3.3.0" + version = "3.4.3" + constraints = ">= 3.0.0, ~> 3.4.0" hashes = [ - "h1:H5V+7iXol/EHB2+BUMzGlpIiCOdV74H8YjzCxnSAWcg=", - "zh:038293aebfede983e45ee55c328e3fde82ae2e5719c9bd233c324cfacc437f9c", - "zh:07eaeab03a723d83ac1cc218f3a59fceb7bbf301b38e89a26807d1c93c81cef8", - "zh:427611a4ce9d856b1c73bea986d841a969e4c2799c8ac7c18798d0cc42b78d32", - "zh:49718d2da653c06a70ba81fd055e2b99dfd52dcb86820a6aeea620df22cd3b30", - "zh:5574828d90b19ab762604c6306337e6cd430e65868e13ef6ddb4e25ddb9ad4c0", - "zh:7222e16f7833199dabf1bc5401c56d708ec052b2a5870988bc89ff85b68a5388", + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b1b2d7d934784d2aee98b0f8f07a8ccfc0410de63493ae2bf2222c165becf938", - "zh:b8f85b6a20bd264fcd0814866f415f0a368d1123cd7879c8ebbf905d370babc8", - "zh:c3813133acc02bbebddf046d9942e8ba5c35fc99191e3eb057957dafc2929912", - "zh:e7a41dbc919d1de800689a81c240c27eec6b9395564630764ebb323ea82ac8a9", - "zh:ee6d23208449a8eaa6c4f203e33f5176fa795b4b9ecf32903dffe6e2574732c2", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", ] } diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf index c16d659d83..f26e8fd24f 100644 --- a/templates/core/terraform/main.tf +++ b/templates/core/terraform/main.tf @@ -7,7 +7,7 @@ terraform { } random = { source = "hashicorp/random" - version = "~> 3.3.0" + version = "~> 3.4.0" } template = { source = "hashicorp/template" @@ -19,7 +19,7 @@ terraform { } http = { source = "hashicorp/http" - version = "~> 3.0.0" + version = "~> 3.1.0" } } diff --git a/templates/core/terraform/migrate.sh b/templates/core/terraform/migrate.sh index 551fa7838e..55234b7bb5 100755 --- a/templates/core/terraform/migrate.sh +++ b/templates/core/terraform/migrate.sh @@ -7,13 +7,16 @@ set -o nounset # This variables are loaded in for us # shellcheck disable=SC2154 -terraform init -input=false -backend=true -reconfigure -upgrade \ +terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=${TF_VAR_mgmt_resource_group_name}" \ -backend-config="storage_account_name=${TF_VAR_mgmt_storage_account_name}" \ -backend-config="container_name=${TF_VAR_terraform_state_container_name}" \ -backend-config="key=${TRE_ID}" -echo "*** Migrating TF Resources ***" +echo "*** Migrating TF Resources... ***" +# terraform show might fail if provider schema has changed. Since we don't call apply at this stage a refresh is needed +terraform refresh -target=module.resource_processor_vmss_porter[0].random_password.password # When moving to 3.4.* + # 1. Check we have a root_module in state # 2. Grab the Resource ID # 3. Delete the old resource from state @@ -153,4 +156,4 @@ if [ -n "${api_vnet_integration}" ]; then terraform apply -input=false -auto-approve ${PLAN_FILE}" fi -echo "Migration is done." +echo "*** Migration is done. ***" diff --git a/templates/core/terraform/outputs.sh b/templates/core/terraform/outputs.sh index ee03c5f849..c6b7d08af4 100755 --- a/templates/core/terraform/outputs.sh +++ b/templates/core/terraform/outputs.sh @@ -5,7 +5,7 @@ if [ ! -f ../tre_output.json ]; then # Connect to the remote backend of Terraform export TF_LOG="" # shellcheck disable=SC2154 - terraform init -input=false -backend=true -reconfigure -upgrade \ + terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ diff --git a/templates/core/version.txt b/templates/core/version.txt index 4fef01e0d4..7fe0489074 100644 --- a/templates/core/version.txt +++ b/templates/core/version.txt @@ -1 +1 @@ -__version__ = "0.4.28" +__version__ = "0.4.29" From 649186c918fd2c23fea273db561a71b09920f92f Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Fri, 30 Sep 2022 08:44:21 +0000 Subject: [PATCH 2/7] update terraform in devcontainer --- .devcontainer/Dockerfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 7cb862150b..c861b39b4e 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -24,7 +24,8 @@ ARG NODE_VERSION="lts/*" RUN su $USERNAME -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1" # Install terraform -ARG TERRAFORM_VERSION="1.2.7" +# version 1.3.0/1 has issues with keep recreating certificate +ARG TERRAFORM_VERSION="1.2.9" COPY .devcontainer/scripts/terraform.sh /tmp/ RUN bash /tmp/terraform.sh "${TERRAFORM_VERSION}" /usr/bin @@ -40,15 +41,13 @@ RUN apt-get update && apt-get install -y ca-certificates curl gnupg lsb-release && apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io --no-install-recommends \ && apt-get clean -y && rm -rf /var/lib/apt/lists/* -# Install nekos act - run GitHub workflows locally https://github.com/nektos/act -RUN if [ "${INTERACTIVE}" = "true" ]; then curl https://raw.githubusercontent.com/nektos/act/master/install.sh | bash; fi - # Install Certbot -RUN apt-get update && apt-get install -y python3 python3-venv libaugeas0 --no-install-recommends \ +RUN if [ "${INTERACTIVE}" = "true" ]; then \ + apt-get update && apt-get install -y python3 python3-venv libaugeas0 --no-install-recommends \ && python3 -m venv /opt/certbot/ \ && /opt/certbot/bin/pip install --no-cache-dir --upgrade pip \ && /opt/certbot/bin/pip install --no-cache-dir certbot \ - && apt-get clean -y && rm -rf /var/lib/apt/lists/* + && apt-get clean -y && rm -rf /var/lib/apt/lists/* ; fi # Install Porter # Not using the script from https://cdn.porter.sh/latest/install-linux.sh From 6a062a18f95ddc7adde08b8ebd6ec5290fc446ce Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Fri, 30 Sep 2022 15:07:51 +0000 Subject: [PATCH 3/7] always refresh --- templates/core/terraform/migrate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/core/terraform/migrate.sh b/templates/core/terraform/migrate.sh index 55234b7bb5..ab677e32cf 100755 --- a/templates/core/terraform/migrate.sh +++ b/templates/core/terraform/migrate.sh @@ -15,7 +15,7 @@ terraform init -input=false -backend=true -reconfigure \ echo "*** Migrating TF Resources... ***" # terraform show might fail if provider schema has changed. Since we don't call apply at this stage a refresh is needed -terraform refresh -target=module.resource_processor_vmss_porter[0].random_password.password # When moving to 3.4.* +terraform refresh # 1. Check we have a root_module in state # 2. Grab the Resource ID From 13f356a81d448ea27da08aac81df2ad402a2db8b Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 2 Oct 2022 06:16:28 +0000 Subject: [PATCH 4/7] tflint --- templates/core/terraform/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf index f26e8fd24f..b404db968b 100644 --- a/templates/core/terraform/main.tf +++ b/templates/core/terraform/main.tf @@ -9,10 +9,6 @@ terraform { source = "hashicorp/random" version = "~> 3.4.0" } - template = { - source = "hashicorp/template" - version = "~> 2.2.0" - } local = { source = "hashicorp/local" version = "~> 2.2.0" From 5484475c54ae4a561f307a1473fe088fb0ae0c02 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 2 Oct 2022 06:29:19 +0000 Subject: [PATCH 5/7] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index caaf8dd129..43c2b2b259 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ BUG FIXES: * Resource processor error on deploying user-resource: TypeError: 'NoneType' object is not iterable ([#2569](https://github.com/microsoft/AzureTRE/issues/2569)) * Update Porter and Terraform mixin versions ([#2639](https://github.com/microsoft/AzureTRE/issues/2639)) * Airlock Manager should have permissions to get SAS token ([#2502](https://github.com/microsoft/AzureTRE/issues/2502)) +* Terraform unmarshal errors in `migrate.sh` ([#2673](https://github.com/microsoft/AzureTRE/issues/2673)) ## 0.4.3 (September 12, 2022) From 51870653241270d52ea5b21530bae23b999c4aab Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 2 Oct 2022 06:40:51 +0000 Subject: [PATCH 6/7] Remove doker env variables --- CHANGELOG.md | 1 + templates/core/terraform/api-webapp.tf | 2 +- templates/core/terraform/deploy.sh | 7 ----- templates/core/terraform/destroy.sh | 14 +++++----- templates/core/terraform/import.sh | 26 ++++++++++--------- templates/core/terraform/locals.tf | 1 + templates/core/terraform/main.tf | 4 +-- templates/core/terraform/outputs.tf | 2 +- templates/core/terraform/variables.tf | 5 ---- templates/core/version.txt | 2 +- .../admin-vm/terraform/deploy.sh | 11 +------- .../admin-vm/terraform/destroy.sh | 10 +------ .../shared_services/gitea/terraform/deploy.sh | 13 +++++++--- .../gitea/terraform/destroy.sh | 13 +++++++--- .../gitea/terraform/deploy.sh | 16 +++++------- .../gitea/terraform/destroy.sh | 15 +++++------ 16 files changed, 62 insertions(+), 80 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 43c2b2b259..4ebe045a1f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ ENHANCEMENTS: * Cancelling an Airlock request triggers deletion of the request container and files ([#2584](https://github.com/microsoft/AzureTRE/pull/2584)) * Move admin-vm from core to a shared service ([#2624](https://github.com/microsoft/AzureTRE/pull/2624)) +* Remove obsolete docker environment variables ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)) BUG FIXES: diff --git a/templates/core/terraform/api-webapp.tf b/templates/core/terraform/api-webapp.tf index 7ecf84cd6e..32b4a4b17c 100644 --- a/templates/core/terraform/api-webapp.tf +++ b/templates/core/terraform/api-webapp.tf @@ -73,7 +73,7 @@ resource "azurerm_linux_web_app" "api" { ftps_state = "Disabled" application_stack { - docker_image = "${var.docker_registry_server}/${var.api_image_repository}" + docker_image = "${local.docker_registry_server}/${var.api_image_repository}" docker_image_tag = local.version } diff --git a/templates/core/terraform/deploy.sh b/templates/core/terraform/deploy.sh index f9d15df754..84f240cd5f 100755 --- a/templates/core/terraform/deploy.sh +++ b/templates/core/terraform/deploy.sh @@ -5,13 +5,6 @@ set -o pipefail set -o nounset # set -o xtrace -# This variables are loaded in for us -# shellcheck disable=SC2154 -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username="${TF_VAR_acr_name}" -TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g') -export TF_VAR_docker_registry_password - # This is where we can migrate any Terraform before we plan and apply # For instance deprecated Terraform resources ./migrate.sh diff --git a/templates/core/terraform/destroy.sh b/templates/core/terraform/destroy.sh index a264098e70..6f6892e589 100755 --- a/templates/core/terraform/destroy.sh +++ b/templates/core/terraform/destroy.sh @@ -5,11 +5,9 @@ set -o pipefail set -o nounset # set -o xtrace -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g') - -../../../devops/scripts/terraform_wrapper.sh -g $TF_VAR_mgmt_resource_group_name \ - -s $TF_VAR_mgmt_storage_account_name \ - -n $TF_VAR_terraform_state_container_name \ - -k $TRE_ID -c "terraform destroy -auto-approve" +# This variables are loaded in for us +# shellcheck disable=SC2154 +../../../devops/scripts/terraform_wrapper.sh -g "${TF_VAR_mgmt_resource_group_name}" \ + -s "${TF_VAR_mgmt_storage_account_name}" \ + -n "${TF_VAR_terraform_state_container_name}" \ + -k "${TRE_ID}" -c "terraform destroy -auto-approve" diff --git a/templates/core/terraform/import.sh b/templates/core/terraform/import.sh index 44f4352937..7b3801c1e7 100755 --- a/templates/core/terraform/import.sh +++ b/templates/core/terraform/import.sh @@ -1,15 +1,17 @@ -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g') +#!/bin/bash -export TF_LOG="" - -cd ./templates/core/terraform/ +set -o errexit +set -o pipefail +set -o nounset +# set -o xtrace -terraform init -input=false -backend=true -reconfigure -upgrade \ - -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ - -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ - -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ - -backend-config="key=${TRE_ID}" +export TF_LOG="" -terraform import ... +# This variables are loaded in for us +# shellcheck disable=SC2154 +../../../devops/scripts/terraform_wrapper.sh \ + -g "${TF_VAR_mgmt_resource_group_name}" \ + -s "${TF_VAR_mgmt_storage_account_name}" \ + -n "${TF_VAR_terraform_state_container_name}" \ + -k "${TRE_ID}" \ + -c "terraform import ..." diff --git a/templates/core/terraform/locals.tf b/templates/core/terraform/locals.tf index a3cf7b88e1..118442d0c9 100644 --- a/templates/core/terraform/locals.tf +++ b/templates/core/terraform/locals.tf @@ -8,4 +8,5 @@ locals { "AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceFileAuditLogs", "AppServiceAuditLogs", "AppServiceIPSecAuditLogs", "AppServicePlatformLogs", "AppServiceAntivirusScanAuditLogs" ] + docker_registry_server = "${var.acr_name}.azurecr.io" } diff --git a/templates/core/terraform/main.tf b/templates/core/terraform/main.tf index b404db968b..91f82b938b 100644 --- a/templates/core/terraform/main.tf +++ b/templates/core/terraform/main.tf @@ -105,7 +105,7 @@ module "airlock_resources" { resource_group_name = azurerm_resource_group.core.name airlock_storage_subnet_id = module.network.airlock_storage_subnet_id airlock_events_subnet_id = module.network.airlock_events_subnet_id - docker_registry_server = var.docker_registry_server + docker_registry_server = local.docker_registry_server mgmt_resource_group_name = var.mgmt_resource_group_name mgmt_acr_name = var.acr_name api_principal_id = azurerm_user_assigned_identity.id.principal_id @@ -135,7 +135,7 @@ module "resource_processor_vmss_porter" { acr_id = data.azurerm_container_registry.mgmt_acr.id app_insights_connection_string = module.azure_monitor.app_insights_connection_string resource_processor_subnet_id = module.network.resource_processor_subnet_id - docker_registry_server = var.docker_registry_server + docker_registry_server = local.docker_registry_server resource_processor_vmss_porter_image_repository = var.resource_processor_vmss_porter_image_repository service_bus_namespace_id = azurerm_servicebus_namespace.sb.id service_bus_resource_request_queue = azurerm_servicebus_queue.workspacequeue.name diff --git a/templates/core/terraform/outputs.tf b/templates/core/terraform/outputs.tf index 34d38c372f..d435f095ac 100644 --- a/templates/core/terraform/outputs.tf +++ b/templates/core/terraform/outputs.tf @@ -69,7 +69,7 @@ output "terraform_state_container_name" { } output "registry_server" { - value = var.docker_registry_server + value = local.docker_registry_server } output "event_grid_status_changed_topic_endpoint" { diff --git a/templates/core/terraform/variables.tf b/templates/core/terraform/variables.tf index 0dc605fd6d..cbf5106e2f 100644 --- a/templates/core/terraform/variables.tf +++ b/templates/core/terraform/variables.tf @@ -65,11 +65,6 @@ variable "resource_processor_number_processes_per_instance" { description = "The number of CPU processes to run the RP on per VM instance" } -variable "docker_registry_server" { - type = string - description = "Docker registry server" -} - variable "swagger_ui_client_id" { type = string description = "The client id (app id) of the registration in Azure AD for the Swagger UI" diff --git a/templates/core/version.txt b/templates/core/version.txt index 7fe0489074..e2b01a98c0 100644 --- a/templates/core/version.txt +++ b/templates/core/version.txt @@ -1 +1 @@ -__version__ = "0.4.29" +__version__ = "0.4.31" diff --git a/templates/shared_services/admin-vm/terraform/deploy.sh b/templates/shared_services/admin-vm/terraform/deploy.sh index f15ba8a684..08a52b7119 100755 --- a/templates/shared_services/admin-vm/terraform/deploy.sh +++ b/templates/shared_services/admin-vm/terraform/deploy.sh @@ -6,15 +6,6 @@ set -o nounset # Uncomment this line to see each command for debugging (careful: this will show secrets!) # set -o xtrace - -# This script assumes you have created an .env from the sample and the variables -# will come from there. -# shellcheck disable=SC2154 -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username="${TF_VAR_acr_name}" -TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g') -export TF_VAR_docker_registry_password - export TF_LOG="" # This script assumes you have created an .env from the sample and the variables @@ -24,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ - -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id" + -backend-config="key=${TRE_ID}-adminvm" terraform plan terraform apply -auto-approve diff --git a/templates/shared_services/admin-vm/terraform/destroy.sh b/templates/shared_services/admin-vm/terraform/destroy.sh index 8ae3e7a479..b74684a968 100755 --- a/templates/shared_services/admin-vm/terraform/destroy.sh +++ b/templates/shared_services/admin-vm/terraform/destroy.sh @@ -6,14 +6,6 @@ set -o nounset # Uncomment this line to see each command for debugging (careful: this will show secrets!) # set -o xtrace -# This script assumes you have created an .env from the sample and the variables -# will come from there. -# shellcheck disable=SC2154 -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g') -export TF_VAR_docker_registry_password - export TF_LOG="" # This script assumes you have created an .env from the sample and the variables @@ -23,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ - -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id" + -backend-config="key=${TRE_ID}-adminvm" terraform destroy -auto-approve diff --git a/templates/shared_services/gitea/terraform/deploy.sh b/templates/shared_services/gitea/terraform/deploy.sh index fb70897d72..3559959fca 100755 --- a/templates/shared_services/gitea/terraform/deploy.sh +++ b/templates/shared_services/gitea/terraform/deploy.sh @@ -1,9 +1,16 @@ -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g') +#!/bin/bash + +set -o errexit +set -o pipefail +set -o nounset +# Uncomment this line to see each command for debugging (careful: this will show secrets!) +# set -o xtrace export TF_LOG="" +# This script assumes you have created an .env from the sample and the variables +# will come from there. +# shellcheck disable=SC2154 terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ diff --git a/templates/shared_services/gitea/terraform/destroy.sh b/templates/shared_services/gitea/terraform/destroy.sh index 1c22951ecd..58d56580b8 100755 --- a/templates/shared_services/gitea/terraform/destroy.sh +++ b/templates/shared_services/gitea/terraform/destroy.sh @@ -1,9 +1,16 @@ -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -export TF_VAR_docker_registry_password=$(az acr credential show --name ${TF_VAR_acr_name} --query passwords[0].value -o tsv | sed 's/"//g') +#!/bin/bash + +set -o errexit +set -o pipefail +set -o nounset +# Uncomment this line to see each command for debugging (careful: this will show secrets!) +# set -o xtrace export TF_LOG="" +# This script assumes you have created an .env from the sample and the variables +# will come from there. +# shellcheck disable=SC2154 terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ diff --git a/templates/workspace_services/gitea/terraform/deploy.sh b/templates/workspace_services/gitea/terraform/deploy.sh index 0d43b987d8..0d9d3cc915 100755 --- a/templates/workspace_services/gitea/terraform/deploy.sh +++ b/templates/workspace_services/gitea/terraform/deploy.sh @@ -1,13 +1,10 @@ #!/bin/bash -set -e -# This script assumes you have created an .env from the sample and the variables -# will come from there. -# shellcheck disable=SC2154 -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g') -export TF_VAR_docker_registry_password +set -o errexit +set -o pipefail +set -o nounset +# Uncomment this line to see each command for debugging (careful: this will show secrets!) +# set -o xtrace export TF_LOG="" @@ -18,6 +15,7 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ - -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id" + -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}" + terraform plan terraform apply -auto-approve diff --git a/templates/workspace_services/gitea/terraform/destroy.sh b/templates/workspace_services/gitea/terraform/destroy.sh index 664f1efac6..bdf0202e1c 100755 --- a/templates/workspace_services/gitea/terraform/destroy.sh +++ b/templates/workspace_services/gitea/terraform/destroy.sh @@ -1,13 +1,10 @@ #!/bin/bash -set -e -# This script assumes you have created an .env from the sample and the variables -# will come from there. -# shellcheck disable=SC2154 -export TF_VAR_docker_registry_server="$TF_VAR_acr_name.azurecr.io" -export TF_VAR_docker_registry_username=$TF_VAR_acr_name -TF_VAR_docker_registry_password=$(az acr credential show --name "${TF_VAR_acr_name}" --query passwords[0].value -o tsv | sed 's/"//g') -export TF_VAR_docker_registry_password +set -o errexit +set -o pipefail +set -o nounset +# Uncomment this line to see each command for debugging (careful: this will show secrets!) +# set -o xtrace export TF_LOG="" @@ -18,6 +15,6 @@ terraform init -input=false -backend=true -reconfigure \ -backend-config="resource_group_name=$TF_VAR_mgmt_resource_group_name" \ -backend-config="storage_account_name=$TF_VAR_mgmt_storage_account_name" \ -backend-config="container_name=$TF_VAR_terraform_state_container_name" \ - -backend-config="key=tre-workspace-service-gitea-$TF_VAR_id" + -backend-config="key=tre-workspace-service-gitea-${TF_VAR_id}" terraform destroy -auto-approve From 59f5e66ae036c0753ae8ab3b3c2ac57dca2fd1cd Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Sun, 2 Oct 2022 06:48:00 +0000 Subject: [PATCH 7/7] update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ebe045a1f..4a184c13a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,7 +22,7 @@ ENHANCEMENTS: * Cancelling an Airlock request triggers deletion of the request container and files ([#2584](https://github.com/microsoft/AzureTRE/pull/2584)) * Move admin-vm from core to a shared service ([#2624](https://github.com/microsoft/AzureTRE/pull/2624)) -* Remove obsolete docker environment variables ([#TBD](https://github.com/microsoft/AzureTRE/pull/TBD)) +* Remove obsolete docker environment variables ([#2675](https://github.com/microsoft/AzureTRE/pull/2675)) BUG FIXES: