From 158dce1804b45eacaaca3317463d53df64796686 Mon Sep 17 00:00:00 2001 From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com> Date: Thu, 14 Nov 2024 00:50:16 +0200 Subject: [PATCH] Update obsolete TF properties (#4136) update obsolete TF properties Co-authored-by: Tamir Kamara --- Makefile | 2 +- core/terraform/.terraform.lock.hcl | 3 +- core/terraform/airlock/service_bus.tf | 10 +++---- core/terraform/api-webapp.tf | 4 +-- core/terraform/cosmos_mongo.tf | 18 ++++++------ core/terraform/network/network.tf | 28 +++++++++---------- core/terraform/outputs.tf | 2 +- core/terraform/servicebus.tf | 8 +++--- core/terraform/statestore.tf | 16 +++++------ core/version.txt | 2 +- .../airlock_notifier/porter.yaml | 2 +- .../terraform/airlock_notifier.tf | 2 +- .../shared_services/firewall/porter.yaml | 2 +- .../firewall/terraform/routetable.tf | 2 +- .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/terraform/network.tf | 2 +- .../workspace_services/databricks/porter.yaml | 2 +- .../databricks/terraform/network.tf | 2 +- 18 files changed, 55 insertions(+), 54 deletions(-) diff --git a/Makefile b/Makefile index 4053dc3f9..4c0b32baf 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: bootstrap-init mgmt-deploy mgmt-destroy build-api-image push-api-image deploy-tre destroy-tre letsencrypt +.PHONY: bootstrap-init mgmt-deploy mgmt-destroy build-api-image push-api-image tre-deploy tre-destroy letsencrypt .DEFAULT_GOAL := help SHELL:=/bin/bash diff --git a/core/terraform/.terraform.lock.hcl b/core/terraform/.terraform.lock.hcl index 053902095..bc7c2d050 100644 --- a/core/terraform/.terraform.lock.hcl +++ b/core/terraform/.terraform.lock.hcl @@ -3,8 +3,9 @@ provider "registry.terraform.io/azure/azapi" { version = "1.15.0" - constraints = "1.15.0" + constraints = ">= 1.15.0, ~> 1.15.0" hashes = [ + "h1:Y7ruMuPh8UJRTRl4rm+cdpGtmURx2taqiuqfYaH3o48=", "h1:gIOgxVmFSxHrR+XOzgUEA+ybOmp8kxZlZH3eYeB/eFI=", "zh:0627a8bc77254debc25dc0c7b62e055138217c97b03221e593c3c56dc7550671", "zh:2fe045f07070ef75d0bec4b0595a74c14394daa838ddb964e2fd23cc98c40c34", diff --git a/core/terraform/airlock/service_bus.tf b/core/terraform/airlock/service_bus.tf index 82e34e86a..250e3ba15 100644 --- a/core/terraform/airlock/service_bus.tf +++ b/core/terraform/airlock/service_bus.tf @@ -3,35 +3,35 @@ resource "azurerm_servicebus_queue" "step_result" { name = local.step_result_queue_name namespace_id = var.airlock_servicebus.id - enable_partitioning = false + partitioning_enabled = false } resource "azurerm_servicebus_queue" "status_changed" { name = local.status_changed_queue_name namespace_id = var.airlock_servicebus.id - enable_partitioning = false + partitioning_enabled = false } resource "azurerm_servicebus_queue" "scan_result" { name = local.scan_result_queue_name namespace_id = var.airlock_servicebus.id - enable_partitioning = false + partitioning_enabled = false } resource "azurerm_servicebus_queue" "data_deletion" { name = local.data_deletion_queue_name namespace_id = var.airlock_servicebus.id - enable_partitioning = false + partitioning_enabled = false } resource "azurerm_servicebus_topic" "blob_created" { name = local.blob_created_topic_name namespace_id = var.airlock_servicebus.id - enable_partitioning = false + partitioning_enabled = false } resource "azurerm_servicebus_subscription" "airlock_processor" { diff --git a/core/terraform/api-webapp.tf b/core/terraform/api-webapp.tf index b07577f40..eabbf728b 100644 --- a/core/terraform/api-webapp.tf +++ b/core/terraform/api-webapp.tf @@ -85,8 +85,8 @@ resource "azurerm_linux_web_app" "api" { ftps_state = "Disabled" application_stack { - docker_image = "${local.docker_registry_server}/${var.api_image_repository}" - docker_image_tag = local.version + docker_registry_url = "https://${local.docker_registry_server}" + docker_image_name = "${var.api_image_repository}:${local.version}" } cors { diff --git a/core/terraform/cosmos_mongo.tf b/core/terraform/cosmos_mongo.tf index 6b4f386d0..904424cca 100644 --- a/core/terraform/cosmos_mongo.tf +++ b/core/terraform/cosmos_mongo.tf @@ -1,12 +1,12 @@ resource "azurerm_cosmosdb_account" "mongo" { - name = "cosmos-mongo-${var.tre_id}" - location = azurerm_resource_group.core.location - resource_group_name = azurerm_resource_group.core.name - offer_type = "Standard" - kind = "MongoDB" - enable_automatic_failover = false - mongo_server_version = 4.2 - ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" + name = "cosmos-mongo-${var.tre_id}" + location = azurerm_resource_group.core.location + resource_group_name = azurerm_resource_group.core.name + offer_type = "Standard" + kind = "MongoDB" + automatic_failover_enabled = false + mongo_server_version = 4.2 + ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" capabilities { name = "EnableServerless" @@ -93,7 +93,7 @@ resource "azurerm_private_endpoint" "mongo" { resource "azurerm_key_vault_secret" "cosmos_mongo_connstr" { name = "porter-db-connection-string" - value = azurerm_cosmosdb_account.mongo.connection_strings[0] + value = azurerm_cosmosdb_account.mongo.primary_mongodb_connection_string key_vault_id = azurerm_key_vault.kv.id tags = local.tre_core_tags depends_on = [ diff --git a/core/terraform/network/network.tf b/core/terraform/network/network.tf index c57b673dc..db71fe554 100644 --- a/core/terraform/network/network.tf +++ b/core/terraform/network/network.tf @@ -27,7 +27,7 @@ resource "azurerm_subnet" "app_gw" { virtual_network_name = azurerm_virtual_network.core.name resource_group_name = var.resource_group_name address_prefixes = [local.app_gw_subnet_address_prefix] - private_endpoint_network_policies_enabled = false + private_endpoint_network_policies = "Disabled" private_link_service_network_policies_enabled = true depends_on = [azurerm_subnet.azure_firewall] } @@ -37,7 +37,7 @@ resource "azurerm_subnet" "web_app" { virtual_network_name = azurerm_virtual_network.core.name resource_group_name = var.resource_group_name address_prefixes = [local.web_app_subnet_address_prefix] - private_endpoint_network_policies_enabled = false + private_endpoint_network_policies = "Disabled" private_link_service_network_policies_enabled = true depends_on = [azurerm_subnet.app_gw] @@ -57,8 +57,8 @@ resource "azurerm_subnet" "shared" { resource_group_name = var.resource_group_name address_prefixes = [local.shared_services_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.web_app] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.web_app] } resource "azurerm_subnet" "resource_processor" { @@ -67,8 +67,8 @@ resource "azurerm_subnet" "resource_processor" { resource_group_name = var.resource_group_name address_prefixes = [local.resource_processor_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.shared] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.shared] } resource "azurerm_subnet" "airlock_processor" { @@ -77,8 +77,8 @@ resource "azurerm_subnet" "airlock_processor" { resource_group_name = var.resource_group_name address_prefixes = [local.airlock_processor_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.resource_processor] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.resource_processor] delegation { name = "delegation" @@ -100,8 +100,8 @@ resource "azurerm_subnet" "airlock_notification" { resource_group_name = var.resource_group_name address_prefixes = [local.airlock_notifications_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.airlock_processor] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.airlock_processor] delegation { name = "delegation" @@ -120,8 +120,8 @@ resource "azurerm_subnet" "airlock_storage" { resource_group_name = var.resource_group_name address_prefixes = [local.airlock_storage_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.airlock_notification] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.airlock_notification] } resource "azurerm_subnet" "airlock_events" { @@ -130,8 +130,8 @@ resource "azurerm_subnet" "airlock_events" { resource_group_name = var.resource_group_name address_prefixes = [local.airlock_events_subnet_address_prefix] # notice that private endpoints do not adhere to NSG rules - private_endpoint_network_policies_enabled = false - depends_on = [azurerm_subnet.airlock_storage] + private_endpoint_network_policies = "Disabled" + depends_on = [azurerm_subnet.airlock_storage] # Eventgrid CAN'T send messages over private endpoints, hence we need to allow service endpoints to the service bus # We are using service endpoints + managed identity to send these messaages diff --git a/core/terraform/outputs.tf b/core/terraform/outputs.tf index 1e2850a8a..e4e22f97e 100644 --- a/core/terraform/outputs.tf +++ b/core/terraform/outputs.tf @@ -63,7 +63,7 @@ output "state_store_endpoint" { } output "cosmosdb_mongo_endpoint" { - value = azurerm_cosmosdb_account.mongo.connection_strings[0] + value = azurerm_cosmosdb_account.mongo.primary_sql_connection_string sensitive = true } diff --git a/core/terraform/servicebus.tf b/core/terraform/servicebus.tf index c357046db..3a056017b 100644 --- a/core/terraform/servicebus.tf +++ b/core/terraform/servicebus.tf @@ -36,8 +36,8 @@ resource "azurerm_servicebus_queue" "workspacequeue" { name = "workspacequeue" namespace_id = azurerm_servicebus_namespace.sb.id - enable_partitioning = false - requires_session = true # use sessions here to make sure updates to each resource happen in serial, in order + partitioning_enabled = false + requires_session = true # use sessions here to make sure updates to each resource happen in serial, in order } resource "azurerm_servicebus_queue" "service_bus_deployment_status_update_queue" { @@ -48,8 +48,8 @@ resource "azurerm_servicebus_queue" "service_bus_deployment_status_update_queue" # Cosmos is the final destination of the messages where 2048 is the limit. max_message_size_in_kilobytes = 2048 # default=1024 - enable_partitioning = false - requires_session = true + partitioning_enabled = false + requires_session = true } resource "azurerm_private_dns_zone" "servicebus" { diff --git a/core/terraform/statestore.tf b/core/terraform/statestore.tf index 4fc50f2c2..fa7a9eca9 100644 --- a/core/terraform/statestore.tf +++ b/core/terraform/statestore.tf @@ -1,12 +1,12 @@ resource "azurerm_cosmosdb_account" "tre_db_account" { - name = "cosmos-${var.tre_id}" - location = azurerm_resource_group.core.location - resource_group_name = azurerm_resource_group.core.name - offer_type = "Standard" - kind = "GlobalDocumentDB" - enable_automatic_failover = false - ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" - tags = local.tre_core_tags + name = "cosmos-${var.tre_id}" + location = azurerm_resource_group.core.location + resource_group_name = azurerm_resource_group.core.name + offer_type = "Standard" + kind = "GlobalDocumentDB" + automatic_failover_enabled = false + ip_range_filter = "${local.azure_portal_cosmos_ips}${var.enable_local_debugging ? ",${local.myip}" : ""}" + tags = local.tre_core_tags dynamic "capabilities" { # We can't change an existing cosmos diff --git a/core/version.txt b/core/version.txt index cb73775c4..fee46bd8c 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -__version__ = "0.11.1" \ No newline at end of file +__version__ = "0.11.1" diff --git a/templates/shared_services/airlock_notifier/porter.yaml b/templates/shared_services/airlock_notifier/porter.yaml index 830421a57..bf9386ff0 100644 --- a/templates/shared_services/airlock_notifier/porter.yaml +++ b/templates/shared_services/airlock_notifier/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-airlock-notifier -version: 1.0.5 +version: 1.0.6 description: "A shared service notifying on Airlock Operations" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf b/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf index b17a9a06b..7680d6756 100644 --- a/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf +++ b/templates/shared_services/airlock_notifier/terraform/airlock_notifier.tf @@ -14,7 +14,7 @@ resource "azurerm_servicebus_queue" "notifications_queue" { name = "notifications" namespace_id = data.azurerm_servicebus_namespace.core.id - enable_partitioning = false + partitioning_enabled = false } /* The notification queue needs to be subscribed to the notification event-grid */ diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index b60a7aa40..b4cbed7ed 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 1.2.4 +version: 1.2.6 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/firewall/terraform/routetable.tf b/templates/shared_services/firewall/terraform/routetable.tf index 77aa64e15..f0e4388d9 100644 --- a/templates/shared_services/firewall/terraform/routetable.tf +++ b/templates/shared_services/firewall/terraform/routetable.tf @@ -2,7 +2,7 @@ resource "azurerm_route_table" "rt" { name = "rt-${var.tre_id}" resource_group_name = local.core_resource_group_name location = data.azurerm_resource_group.rg.location - disable_bgp_route_propagation = false + bgp_route_propagation_enabled = true tags = local.tre_shared_service_tags lifecycle { ignore_changes = [tags] } diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index d97cef3cb..ab04640b4 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.8.14 +version: 0.8.15 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 9c1167738..edc252994 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -275,7 +275,7 @@ resource "azurerm_route_table" "aml" { name = "rt-aml-${var.tre_id}-${local.short_service_id}" resource_group_name = data.azurerm_resource_group.ws.name location = data.azurerm_resource_group.ws.location - disable_bgp_route_propagation = false + bgp_route_propagation_enabled = true tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } diff --git a/templates/workspace_services/databricks/porter.yaml b/templates/workspace_services/databricks/porter.yaml index 622475862..5c6ac9b03 100644 --- a/templates/workspace_services/databricks/porter.yaml +++ b/templates/workspace_services/databricks/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-databricks -version: 1.0.7 +version: 1.0.8 description: "An Azure TRE service for Azure Databricks." registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/databricks/terraform/network.tf b/templates/workspace_services/databricks/terraform/network.tf index c9d9dadc7..97961c2bb 100644 --- a/templates/workspace_services/databricks/terraform/network.tf +++ b/templates/workspace_services/databricks/terraform/network.tf @@ -131,7 +131,7 @@ resource "azurerm_route_table" "rt" { name = local.route_table_name location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name - disable_bgp_route_propagation = false + bgp_route_propagation_enabled = true tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] }